lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
Date Fri, 07 Aug 2015 07:52:45 GMT

    [ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14661461#comment-14661461
] 

Jan Høydahl commented on SOLR-7838:
-----------------------------------

Cool, I did not notice the parent when I wrote the comment, it all makes sense now. Sorry
for jumping to conclusions :(

> Implement a RuleBasedAuthorizationPlugin
> ----------------------------------------
>
>                 Key: SOLR-7838
>                 URL: https://issues.apache.org/jira/browse/SOLR-7838
>             Project: Solr
>          Issue Type: Sub-task
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
>   "authorization": {
>     "class": "solr.ZKAuthorization",
>    "roles" :{
>   "john" : ["admin"]
>   "david" : ["guest","dev"]
>    }
>     "permissions": {
>        "collection-edit": {
>          "role": "admin" 
>        },
>        "coreadmin":{
>          "role":"admin"
>        },
>        "config-edit": {
>          //all collections
>          "role": "admin",
>          "method":"POST"
>        },
>        "schema-edit": {
>          "roles": "admin",
>          "method":"POST"
>        },
>        "update": {
>          //all collections
>          "role": "dev"
>        },
>       "mycoll_update": {
>         "collection": "mycoll",
>         "path":["/update/*"],
>         "role": ["somebody"]
>       }
>     }
>   }
> }
> {code} 
> This also supports editing of the configuration through APIs
> Example 1: add or remove roles
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'
-d '{ 
>   "set-user-role": {"tom":["admin","dev"},
>   "set-user-role": {"harry":null}
> }'
> {code}
>  
> Example 2: add or remove permissions
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d
'{ 
>   "set-permission": { "name":"a-custom-permission-name",
>                       "collection":"gettingstarted",
>                       "path":"/handler-name",
>                       "before": "name-of-another-permission"
>    },
>  "delete-permission":"permission-name"
> }'
> {code}
> Please note that you have to replace the whole permission each time it is edited. The
API does not support editing one property at a time. Use the 'before' property to re-order
your permissions
> Example 3: Restrict collection admin operations (writes only) to be performed by an admin
only
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'
-d '{
> "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message