Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.3, 6.0
    • Component/s: None
    • Labels:
      None

      Description

      authorization plugin

      This would store the roles of various users and their privileges in ZK

      sample authorization.json

      {
        "authorization": {
          "class": "solr.ZKAuthorization",
         "user-role" :{
        "john" : ["admin", "guest"]
        "tom" : 'dev'
         }
          "permissions": [
             {"name":"collection-edit",
               "role": "admin" 
             },
             {"name":"coreadmin",
               "role":"admin"
             },
             {"name": "mycoll_update",
              "collection": "mycoll",
              "path":["/update/*"],
              "role": ["guest","admin"]
            }]
          }
        }
      }
      

      This also supports editing of the configuration through APIs
      Example 1: add or remove roles

      curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ 
        "set-user-role": {"tom":["admin","dev"},
      "set-user-role": {"harry":null}
      }'
      

      Example 2: add or remove permissions

      curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ 
      
        "set-permission": { "name":"a-custom-permission-name",
                            "collection":"gettingstarted",
                            "path":"/handler-name",
                            "before": "name-of-another-permission"
         },
      
       "delete-permission":"permission-name"
      
      }'
      

      Use the 'before' property to re-order your permissions

      Example 3: Restrict collection admin operations (writes only) to be performed by an admin only

      curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
      "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'
      
      

        Attachments

          Activity

            People

            • Assignee:
              noble.paul Noble Paul
              Reporter:
              noble.paul Noble Paul
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: