Blocker Description
authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{
"authorization": {
"class": "solr.ZKAuthorization",
"user-role" :{
"john" : ["admin", "guest"]
"tom" : 'dev'
}
"permissions": [
{"name":"collection-edit",
"role": "admin"
},
{"name":"coreadmin",
"role":"admin"
},
{"name": "mycoll_update",
"collection": "mycoll",
"path":["/update/*"],
"role": ["guest","admin"]
}]
}
}
}
This also supports editing of the configuration through APIs
Example 1: add or remove roles
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ "set-user-role": {"tom":["admin","dev"}, "set-user-role": {"harry":null} }'
Example 2: add or remove permissions
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ "set-permission": { "name":"a-custom-permission-name", "collection":"gettingstarted", "path":"/handler-name", "before": "name-of-another-permission" }, "delete-permission":"permission-name" }'
Use the 'before' property to re-order your permissions
Example 3: Restrict collection admin operations (writes only) to be performed by an admin only
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'