[jira] [Commented] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin

Tue, 11 Aug 2015 08:19:11 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14681930#comment-14681930
 ] 

ASF subversion and git services commented on SOLR-7838:
-------------------------------------------------------

Commit 1695324 from [~noble.paul] in branch 'dev/branches/branch_5x'
[ https://svn.apache.org/r1695324 ]

SOLR-7838: changed the permissions froma map to an array so that order is 
obvious

> Implement a RuleBasedAuthorizationPlugin
> ----------------------------------------
>
>                 Key: SOLR-7838
>                 URL: https://issues.apache.org/jira/browse/SOLR-7838
>             Project: Solr
>          Issue Type: Sub-task
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>            Priority: Blocker
>             Fix For: 5.3, Trunk
>
>
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
>   "authorization": {
>     "class": "solr.ZKAuthorization",
>    "user-role" :{
>   "john" : ["admin", "guest"]
>   "tom" : 'dev'
>    }
>     "permissions": [
>        {"name":"collection-edit",
>          "role": "admin" 
>        },
>        {"name":"coreadmin",
>          "role":"admin"
>        },
>        {"name": "mycoll_update",
>         "collection": "mycoll",
>         "path":["/update/*"],
>         "role": ["guest","admin"]
>       }]
>     }
>   }
> }
> {code} 
> This also supports editing of the configuration through APIs
> Example 1: add or remove roles
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 
> 'Content-type:application/json' -d '{ 
>   "set-user-role": {"tom":["admin","dev"},
> "set-user-role": {"harry":null}
> }'
> {code}
>  
> Example 2: add or remove permissions
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 
> 'Content-type:application/json'-d '{ 
>   "set-permission": { "name":"a-custom-permission-name",
>                       "collection":"gettingstarted",
>                       "path":"/handler-name",
>                       "before": "name-of-another-permission"
>    },
>  "delete-permission":"permission-name"
> }'
> {code}
> Use the 'before' property to re-order your permissions
> Example 3: Restrict collection admin operations (writes only) to be performed 
> by an admin only
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 
> 'Content-type:application/json' -d '{
> "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to