You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Ramesh Mani (JIRA)" <ji...@apache.org> on 2018/08/01 10:44:00 UTC
[jira] [Assigned] (RANGER-2178) Ranger Solr Plugin fails to execute
policy when multiple collections are queried
[ https://issues.apache.org/jira/browse/RANGER-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramesh Mani reassigned RANGER-2178:
-----------------------------------
Assignee: Ramesh Mani
> Ranger Solr Plugin fails to execute policy when multiple collections are queried
> --------------------------------------------------------------------------------
>
> Key: RANGER-2178
> URL: https://issues.apache.org/jira/browse/RANGER-2178
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Stefan Kupstaitis-Dunkler
> Assignee: Ramesh Mani
> Priority: Major
>
> How to reproduce:
> 2 Solr collections: col1 and col2
> 1 user: myuser
> 1 Ranger policy: user: "myuser", access type: "Read", "Write", resources/collections: "col1", "col2"
> query of col1 returns content of col1 and logs event successfully in Ranger audit.
> ```
> curl -k --negotiate -u : "http://solr_url:solr_port/solr/col1/search?q=*"
> ```
> query of col2 returns content of col2 and logs it successfully in Ranger audit.
> ```
> curl -k --negotiate -u : "http://solr_url:solr_port/solr/col2/search?q=*"
> ```
> query of col1 *and* col2 will return a "403 Unauthorized request":
> ```
> curl -k --negotiate -u : "http://solr_url:solr_port/solr/col1/select?q=*&collections=col1,col2"
> ```
> In Ranger audit we now see 3 lines:
> * user: myuser, resource: col1,col2, Result: Denied
> * user: myuser, resource: col1, Result: Allowed
> * user: myuser, resource: col2, Result: Allowed
> Expectation would be that query is successfull!
> The use case/business case is Metron, which queries Solr in this specific way!
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)