Posted to dev@lucene.apache.org by "Noble Paul (JIRA)" <ji...@apache.org> on 2015/08/07 05:44:45 UTC
[jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
[ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul updated SOLR-7838:
-----------------------------
Description:
h2. authorization plugin
This would store the roles of various users and their privileges in ZK.
Sample authorization.json:
{code:javascript}
{
  "authorization": {
    "class": "solr.ZKAuthorization",
    "roles": {
      "john": ["admin"],
      "david": ["guest", "dev"]
    },
    "permissions": {
      "collection-edit": {
        "role": "admin"
      },
      "coreadmin": {
        "role": "admin"
      },
      "config-edit": {
        // all collections
        "role": "admin",
        "method": "POST"
      },
      "schema-edit": {
        "role": "admin",
        "method": "POST"
      },
      "update": {
        // all collections
        "role": "dev"
      },
      "mycoll_update": {
        "collection": "mycoll",
        "path": ["/update/*"],
        "role": ["somebody"]
      }
    }
  }
}
{code}
This also supports editing of the configuration through APIs.
Example 1: add or remove roles
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
  "set-user-role": {"tom":["admin","dev"]},
  "set-user-role": {"harry":null}
}'
{code}
Example 2: add or remove permissions
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
  "set-permission": { "name":"a-custom-permission-name",
                      "collection":"gettingstarted",
                      "path":"/handler-name",
                      "before": "name-of-another-permission"
  },
  "delete-permission":"permission-name"
}'
{code}
Please note that you have to replace the whole permission each time it is edited. The API does not support editing one property at a time. Use the 'before' property to re-order your permissions.
Example 3: Restrict collection admin operations (writes only) to be performed by an admin only
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
"set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'
{code}
> Implement a RuleBasedAuthorizationPlugin
> ----------------------------------------
>
> Key: SOLR-7838
> URL: https://issues.apache.org/jira/browse/SOLR-7838
> Project: Solr
> Issue Type: Sub-task
> Reporter: Noble Paul
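A check one could run on an authorization.json before loading it into ZK, as an added example that is not part of the original issue or of Solr: it reports unrecognised permission keys, permissions that name no role, roles referenced by a permission but held by no user, and roles held by a user but named by no permission. The config is constructed from the sample in the description with one permission using `roles` instead of `role`; the accepted key set and the function names are assumptions drawn from the properties the issue shows.

```python
# Added example: lint a rule-based authorization config before uploading it.
# CONFIG is constructed, modelled on the sample authorization.json; KNOWN_KEYS
# is an assumption taken from the properties that appear in the issue text.
KNOWN_KEYS = {"role", "method", "collection", "path", "name", "before"}

CONFIG = {
    "roles": {"john": ["admin"], "david": ["guest", "dev"]},
    "permissions": {
        "collection-edit": {"role": "admin"},
        "coreadmin": {"role": "admin"},
        "config-edit": {"role": "admin", "method": "POST"},
        "schema-edit": {"roles": "admin", "method": "POST"},  # misspelled key
        "update": {"role": "dev"},
        "mycoll_update": {"collection": "mycoll", "path": ["/update/*"],
                          "role": ["somebody"]},
    },
}


def as_list(value):
    """The sample writes a role as a string or as a list; accept both."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def lint(config):
    """Return findings for review; empty containers mean nothing was flagged."""
    held = {r for roles in config["roles"].values() for r in as_list(roles)}
    referenced, no_role, unknown = set(), [], {}
    for name, perm in config["permissions"].items():
        extra = sorted(set(perm) - KNOWN_KEYS)
        if extra:
            unknown[name] = extra
        roles = as_list(perm.get("role"))
        if not roles:
            no_role.append(name)  # nothing is set under the "role" key
        referenced.update(roles)
    return {
        "unknown_keys": unknown,
        "no_role": no_role,
        "unassigned_roles": sorted(referenced - held),  # held by no user
        "unused_roles": sorted(held - referenced),      # named by no permission
    }


if __name__ == "__main__":
    for finding, value in lint(CONFIG).items():
        print(f"{finding}: {value}")
```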