[jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
[
https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-7838:
-
Description:
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
authorization: {
class: solr.ZKAuthorization,
user-role :{
john : [admin, guest]
tom : 'dev'
}
permissions: [
{name:collection-edit,
role: admin
},
{name:coreadmin,
role:admin
},
{name: mycoll_update,
collection: mycoll,
path:[/update/*],
role: [guest,admin]
}]
}
}
}
{code}
This also supports editing of the configuration through APIs
Example 1: add or remove roles
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-user-role: {tom:[admin,dev},
set-user-role: {harry:null}
}'
{code}
Example 2: add or remove permissions
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json'-d '{
set-permission: { name:a-custom-permission-name,
collection:gettingstarted,
path:/handler-name,
before: name-of-another-permission
},
delete-permission:permission-name
}'
{code}
Use the 'before' property to re-order your permissions
Example 3: Restrict collection admin operations (writes only) to be performed
by an admin only
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-permission : {name:collection-admin-edit, role:admin}}'
{code}
was:
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
authorization: {
class: solr.ZKAuthorization,
roles :{
john : [admin]
david : [guest,dev]
}
permissions: {
collection-edit: {
role: admin
},
coreadmin:{
role:admin
},
config-edit: {
//all collections
role: admin,
method:POST
},
schema-edit: {
roles: admin,
method:POST
},
update: {
//all collections
role: dev
},
mycoll_update: {
collection: mycoll,
path:[/update/*],
role: [somebody]
}
}
}
}
{code}
This also supports editing of the configuration through APIs
Example 1: add or remove roles
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-user-role: {tom:[admin,dev},
set-user-role: {harry:null}
}'
{code}
Example 2: add or remove permissions
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json'-d '{
set-permission: { name:a-custom-permission-name,
collection:gettingstarted,
path:/handler-name,
before: name-of-another-permission
},
delete-permission:permission-name
}'
{code}
Please note that you have to replace the whole permission each time it is
edited. The API does not support editing one property at a time. Use the
'before' property to re-order your permissions
Example 3: Restrict collection admin operations (writes only) to be performed
by an admin only
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-permission : {name:collection-admin-edit, role:admin}}'
{code}
Implement a RuleBasedAuthorizationPlugin
Key: SOLR-7838
URL: https://issues.apache.org/jira/browse/SOLR-7838
Project: Solr
Issue Type: Sub-task
Reporter: Noble Paul
Assignee: Noble Paul
Priority: Blocker
Fix For: 5.3, Trunk
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
authorization: {
class: solr.ZKAuthorization,
user-role :{
john : [admin, guest]
tom : 'dev'
}
permissions: [
{name:collection-edit,
role: admin
},
{name:coreadmin,
role:admin
},
{name: mycoll_update,
collection: mycoll,
path:[/update/*],
role: [guest,admin]
}]
}
}
}
{code}
This also supports editing of the configuration through APIs
Example 1: add or remove roles
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-user-role: {tom:[admin,dev},
set-user-role: {harry:null}
}'
{code}
[jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
[
https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael McCandless updated SOLR-7838:
-
Priority: Blocker (was: Major)
Implement a RuleBasedAuthorizationPlugin
Key: SOLR-7838
URL: https://issues.apache.org/jira/browse/SOLR-7838
Project: Solr
Issue Type: Sub-task
Reporter: Noble Paul
Assignee: Noble Paul
Priority: Blocker
Fix For: 5.3, Trunk
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
authorization: {
class: solr.ZKAuthorization,
roles :{
john : [admin]
david : [guest,dev]
}
permissions: {
collection-edit: {
role: admin
},
coreadmin:{
role:admin
},
config-edit: {
//all collections
role: admin,
method:POST
},
schema-edit: {
roles: admin,
method:POST
},
update: {
//all collections
role: dev
},
mycoll_update: {
collection: mycoll,
path:[/update/*],
role: [somebody]
}
}
}
}
{code}
This also supports editing of the configuration through APIs
Example 1: add or remove roles
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-user-role: {tom:[admin,dev},
set-user-role: {harry:null}
}'
{code}
Example 2: add or remove permissions
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json'-d '{
set-permission: { name:a-custom-permission-name,
collection:gettingstarted,
path:/handler-name,
before: name-of-another-permission
},
delete-permission:permission-name
}'
{code}
Please note that you have to replace the whole permission each time it is
edited. The API does not support editing one property at a time. Use the
'before' property to re-order your permissions
Example 3: Restrict collection admin operations (writes only) to be performed
by an admin only
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-permission : {name:collection-admin-edit, role:admin}}'
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
[
https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-7838:
-
Description:
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
authorization: {
class: solr.ZKAuthorization,
roles :{
john : [admin]
david : [guest,dev]
}
permissions: {
collection-edit: {
role: admin
},
coreadmin:{
role:admin
},
config-edit: {
//all collections
role: admin,
method:POST
},
schema-edit: {
roles: admin,
method:POST
},
update: {
//all collections
role: dev
},
mycoll_update: {
collection: mycoll,
path:[/update/*],
role: [somebody]
}
}
}
}
{code}
This also supports editing of the configuration through APIs
Example 1: add or remove roles
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-user-role: {tom:[admin,dev},
set-user-role: {harry:null}
}'
{code}
Example 2: add or remove permissions
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json'-d '{
set-permission: { name:a-custom-permission-name,
collection:gettingstarted,
path:/handler-name,
before: name-of-another-permission
},
delete-permission:permission-name
}'
{code}
Please note that you have to replace the whole permission each time it is
edited. The API does not support editing one property at a time. Use the
'before' property to re-order your permissions
Example 3: Restrict collection admin operations (writes only) to be performed
by an admin only
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-permission : {name:collection-admin-edit, role:admin}}'
{code}
Implement a RuleBasedAuthorizationPlugin
Key: SOLR-7838
URL: https://issues.apache.org/jira/browse/SOLR-7838
Project: Solr
Issue Type: Sub-task
Reporter: Noble Paul
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
authorization: {
class: solr.ZKAuthorization,
roles :{
john : [admin]
david : [guest,dev]
}
permissions: {
collection-edit: {
role: admin
},
coreadmin:{
role:admin
},
config-edit: {
//all collections
role: admin,
method:POST
},
schema-edit: {
roles: admin,
method:POST
},
update: {
//all collections
role: dev
},
mycoll_update: {
collection: mycoll,
path:[/update/*],
role: [somebody]
}
}
}
}
{code}
This also supports editing of the configuration through APIs
Example 1: add or remove roles
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-user-role: {tom:[admin,dev},
set-user-role: {harry:null}
}'
{code}
Example 2: add or remove permissions
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json'-d '{
set-permission: { name:a-custom-permission-name,
collection:gettingstarted,
path:/handler-name,
before: name-of-another-permission
},
delete-permission:permission-name
}'
{code}
Please note that you have to replace the whole permission each time it is
edited. The API does not support editing one property at a time. Use the
'before' property to re-order your permissions
Example 3: Restrict collection admin operations (writes only) to be performed
by an admin only
{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
'Content-type:application/json' -d '{
set-permission : {name:collection-admin-edit, role:admin}}'
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
