Description
authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{ "authorization": { "class": "solr.ZKAuthorization", "user-role" :{ "john" : ["admin", "guest"] "tom" : 'dev' } "permissions": [ {"name":"collection-edit", "role": "admin" }, {"name":"coreadmin", "role":"admin" }, {"name": "mycoll_update", "collection": "mycoll", "path":["/update/*"], "role": ["guest","admin"] }] } } }
This also supports editing of the configuration through APIs
Example 1: add or remove roles
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ "set-user-role": {"tom":["admin","dev"}, "set-user-role": {"harry":null} }'
Example 2: add or remove permissions
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ "set-permission": { "name":"a-custom-permission-name", "collection":"gettingstarted", "path":"/handler-name", "before": "name-of-another-permission" }, "delete-permission":"permission-name" }'
Use the 'before' property to re-order your permissions
Example 3: Restrict collection admin operations (writes only) to be performed by an admin only
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'