Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
How to reproduce:
2 Solr collections: col1 and col2
1 user: myuser
1 Ranger policy: user: "myuser", access type: "Read", "Write", resources/collections: "col1", "col2"
query of col1 returns content of col1 and logs event successfully in Ranger audit.
```
curl -k --negotiate -u : "http://solr_url:solr_port/solr/col1/search?q=*"
```
query of col2 returns content of col2 and logs it successfully in Ranger audit.
```
curl -k --negotiate -u : "http://solr_url:solr_port/solr/col2/search?q=*"
```
query of col1 and col2 will return a "403 Unauthorized request":
```
curl -k --negotiate -u : "http://solr_url:solr_port/solr/col1/select?q=*&collections=col1,col2"
```
In Ranger audit we now see 3 lines:
- user: myuser, resource: col1,col2, Result: Denied
- user: myuser, resource: col1, Result: Allowed
- user: myuser, resource: col2, Result: Allowed
Expectation would be that query is successfull!
The use case/business case is Metron, which queries Solr in this specific way!