[
https://issues.apache.org/jira/browse/SENTRY-588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
guoquan updated SENTRY-588:
---------------------------
Attachment: SENTRY-588.001.patch
> The Solr schema protection with Sentry
> --------------------------------------
>
> Key: SENTRY-588
> URL: https://issues.apache.org/jira/browse/SENTRY-588
> Project: Sentry
> Issue Type: Improvement
> Reporter: guoquan
> Assignee: guoquan
> Attachments: SENTRY-588.001.patch
>
>
> The Solr schema API allows using a REST API to get schema about the each
> collection, including defined field types, fields, dynamic fields, and copy
> field declarations. There exists a risk that user can get the collection
> schema they does not access to. For example, user1 has no query privilege on
> collection collection1, but currently the user1 can get the schema metadata
> about collection1 as running the command: curl
> http://localhost:8983/solr/collection1/schema It’s should deny the users get
> the schema information that they haven’t query privilege on.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
