Protect a collection to be deleted

[Yago Riveiro <ya...@gmail.com>]

Hi, 

Is it possible in Solr protect a collection to be deleted through a
property?

Regards
 



-----
Best regards

/Yago
--
Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html

Re: Protect a collection to be deleted

[Anshum Gupta <an...@apple.com>]

From what I remember, you can set a custom permission for a specific user to be able to delete a collection, or not allow anyone to delete a specific collection.

Check out the “user defined permissions” section here: https://lucidworks.com/2015/08/17/securing-solr-basic-auth-permission-rules/ <https://lucidworks.com/2015/08/17/securing-solr-basic-auth-permission-rules/>

-Anshum



> On Dec 13, 2017, at 7:20 AM, Shawn Heisey <ap...@elyograg.org> wrote:
> 
> On 12/12/2017 1:23 PM, Anshum Gupta wrote:
>> You might want to explore Rule based authorization in Solr and stop
>> non-admin users from deleting collections etc. Here’s the link to the
>> documentation: https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html
> 
> Because I've never used the authentication plugins, I have to ask: What
> kind of granularity does this offer?  Can it protect individual
> collections from being deleted, while allowing others to be deleted?
> When I read the documentation, I see something saying that the
> permission affects ALL collections, so I suspect that kind of
> granularity is not possible.
> 
> If authorization can be extended to allow per-collection permissions,
> that is one way to handle the use case, if the admin is already using
> authentication on their Solr instances.  I don't use authentication, and
> it would be quite painful for my ecosystem if I were to turn it on, so I
> would want to have something else available to protect collections from
> API actions.
> 
> Thanks,
> Shawn
> 

Re: Protect a collection to be deleted

[Shawn Heisey <ap...@elyograg.org>]

On 12/12/2017 1:23 PM, Anshum Gupta wrote:
> You might want to explore Rule based authorization in Solr and stop
> non-admin users from deleting collections etc. Here’s the link to the
> documentation: https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html 

Because I've never used the authentication plugins, I have to ask: What
kind of granularity does this offer?  Can it protect individual
collections from being deleted, while allowing others to be deleted? 
When I read the documentation, I see something saying that the
permission affects ALL collections, so I suspect that kind of
granularity is not possible.

If authorization can be extended to allow per-collection permissions,
that is one way to handle the use case, if the admin is already using
authentication on their Solr instances.  I don't use authentication, and
it would be quite painful for my ecosystem if I were to turn it on, so I
would want to have something else available to protect collections from
API actions.

Thanks,
Shawn

Re: Protect a collection to be deleted

[Yago Riveiro <ya...@gmail.com>]

That can work, but the goal it’s to avoid human error (like the UI that enforce you to type de name of the collection on delete) independently of the access level.

Regards

--

/Yago Riveiro

On 12 Dec 2017 20:24 +0000, Anshum Gupta <an...@apple.com>, wrote:
> You might want to explore Rule based authorization in Solr and stop non-admin users from deleting collections etc. Here’s the link to the documentation: https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html
>
> -Anshum
>
>
>
> > On Dec 12, 2017, at 9:27 AM, Yago Riveiro <ya...@gmail.com> wrote:
> >
> > Hi,
> >
> > Is it possible in Solr protect a collection to be deleted through a
> > property?
> >
> > Regards
> >
> >
> >
> >
> > -----
> > Best regards
> >
> > /Yago
> > --
> > Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
>

Re: Protect a collection to be deleted

[Anshum Gupta <an...@apple.com>]

You might want to explore Rule based authorization in Solr and stop non-admin users from deleting collections etc. Here’s the link to the documentation: https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html <https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html>

-Anshum



> On Dec 12, 2017, at 9:27 AM, Yago Riveiro <ya...@gmail.com> wrote:
> 
> Hi,
> 
> Is it possible in Solr protect a collection to be deleted through a
> property?
> 
> Regards
> 
> 
> 
> 
> -----
> Best regards
> 
> /Yago
> --
> Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html

Re: Protect a collection to be deleted

[Yago Riveiro <ya...@gmail.com>]

Thanks Shawn for address the question to Jira.

Indeed I want to continue to insert data in the collection.

I found that delete a collection by mistake using the API it’s to easy and prone to human error.

Regards,

--

Yago Riveiro

On 12 Dec 2017 19:05 +0000, Shawn Heisey <ap...@elyograg.org>, wrote:
> On 12/12/2017 10:27 AM, Yago Riveiro wrote:
> > Is it possible in Solr protect a collection to be deleted through a
> > property?
>
> I doubt that this is possible at the moment.
>
> The suggestion from Markus to change permissions on the index files
> would prevent the actual index from being deleted, but I suspect that a
> Collections API delete would still remove the collection from the
> cloud.  Also, it would prevent any changes to the index, which reduces
> Solr's usefulness.
>
> An update processor to block mistakes is an interesting idea, but again,
> doesn't keep you from deleting the collection entirely with the
> collections API.
>
> I've opened an issue for an idea to achieve what I *think* you're after:
>
> https://issues.apache.org/jira/browse/SOLR-11751
>
> Thanks,
> Shawn
>

Re: Protect a collection to be deleted

[Shawn Heisey <ap...@elyograg.org>]

On 12/12/2017 10:27 AM, Yago Riveiro wrote:
> Is it possible in Solr protect a collection to be deleted through a
> property?

I doubt that this is possible at the moment.

The suggestion from Markus to change permissions on the index files
would prevent the actual index from being deleted, but I suspect that a
Collections API delete would still remove the collection from the
cloud.  Also, it would prevent any changes to the index, which reduces
Solr's usefulness.

An update processor to block mistakes is an interesting idea, but again,
doesn't keep you from deleting the collection entirely with the
collections API.

I've opened an issue for an idea to achieve what I *think* you're after:

https://issues.apache.org/jira/browse/SOLR-11751

Thanks,
Shawn