[jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
[ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Noble Paul updated SOLR-7838: - Description: h2. authorization plugin This would store the roles of various users and their privileges in ZK sample authorization.json {code:javascript} { authorization: { class: solr.ZKAuthorization, user-role :{ john : [admin, guest] tom : 'dev' } permissions: [ {name:collection-edit, role: admin }, {name:coreadmin, role:admin }, {name: mycoll_update, collection: mycoll, path:[/update/*], role: [guest,admin] }] } } } {code} This also supports editing of the configuration through APIs Example 1: add or remove roles {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-user-role: {tom:[admin,dev}, set-user-role: {harry:null} }' {code} Example 2: add or remove permissions {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ set-permission: { name:a-custom-permission-name, collection:gettingstarted, path:/handler-name, before: name-of-another-permission }, delete-permission:permission-name }' {code} Use the 'before' property to re-order your permissions Example 3: Restrict collection admin operations (writes only) to be performed by an admin only {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-permission : {name:collection-admin-edit, role:admin}}' {code} was: h2. authorization plugin This would store the roles of various users and their privileges in ZK sample authorization.json {code:javascript} { authorization: { class: solr.ZKAuthorization, roles :{ john : [admin] david : [guest,dev] } permissions: { collection-edit: { role: admin }, coreadmin:{ role:admin }, config-edit: { //all collections role: admin, method:POST }, schema-edit: { roles: admin, method:POST }, update: { //all collections role: dev }, mycoll_update: { collection: mycoll, path:[/update/*], role: [somebody] } } } } {code} This also supports editing of the configuration through APIs Example 1: add or remove roles {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-user-role: {tom:[admin,dev}, set-user-role: {harry:null} }' {code} Example 2: add or remove permissions {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ set-permission: { name:a-custom-permission-name, collection:gettingstarted, path:/handler-name, before: name-of-another-permission }, delete-permission:permission-name }' {code} Please note that you have to replace the whole permission each time it is edited. The API does not support editing one property at a time. Use the 'before' property to re-order your permissions Example 3: Restrict collection admin operations (writes only) to be performed by an admin only {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-permission : {name:collection-admin-edit, role:admin}}' {code} Implement a RuleBasedAuthorizationPlugin Key: SOLR-7838 URL: https://issues.apache.org/jira/browse/SOLR-7838 Project: Solr Issue Type: Sub-task Reporter: Noble Paul Assignee: Noble Paul Priority: Blocker Fix For: 5.3, Trunk h2. authorization plugin This would store the roles of various users and their privileges in ZK sample authorization.json {code:javascript} { authorization: { class: solr.ZKAuthorization, user-role :{ john : [admin, guest] tom : 'dev' } permissions: [ {name:collection-edit, role: admin }, {name:coreadmin, role:admin }, {name: mycoll_update, collection: mycoll, path:[/update/*], role: [guest,admin] }] } } } {code} This also supports editing of the configuration through APIs Example 1: add or remove roles {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-user-role: {tom:[admin,dev}, set-user-role: {harry:null} }' {code}
[jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
[ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael McCandless updated SOLR-7838: - Priority: Blocker (was: Major) Implement a RuleBasedAuthorizationPlugin Key: SOLR-7838 URL: https://issues.apache.org/jira/browse/SOLR-7838 Project: Solr Issue Type: Sub-task Reporter: Noble Paul Assignee: Noble Paul Priority: Blocker Fix For: 5.3, Trunk h2. authorization plugin This would store the roles of various users and their privileges in ZK sample authorization.json {code:javascript} { authorization: { class: solr.ZKAuthorization, roles :{ john : [admin] david : [guest,dev] } permissions: { collection-edit: { role: admin }, coreadmin:{ role:admin }, config-edit: { //all collections role: admin, method:POST }, schema-edit: { roles: admin, method:POST }, update: { //all collections role: dev }, mycoll_update: { collection: mycoll, path:[/update/*], role: [somebody] } } } } {code} This also supports editing of the configuration through APIs Example 1: add or remove roles {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-user-role: {tom:[admin,dev}, set-user-role: {harry:null} }' {code} Example 2: add or remove permissions {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ set-permission: { name:a-custom-permission-name, collection:gettingstarted, path:/handler-name, before: name-of-another-permission }, delete-permission:permission-name }' {code} Please note that you have to replace the whole permission each time it is edited. The API does not support editing one property at a time. Use the 'before' property to re-order your permissions Example 3: Restrict collection admin operations (writes only) to be performed by an admin only {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-permission : {name:collection-admin-edit, role:admin}}' {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
[ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Noble Paul updated SOLR-7838: - Description: h2. authorization plugin This would store the roles of various users and their privileges in ZK sample authorization.json {code:javascript} { authorization: { class: solr.ZKAuthorization, roles :{ john : [admin] david : [guest,dev] } permissions: { collection-edit: { role: admin }, coreadmin:{ role:admin }, config-edit: { //all collections role: admin, method:POST }, schema-edit: { roles: admin, method:POST }, update: { //all collections role: dev }, mycoll_update: { collection: mycoll, path:[/update/*], role: [somebody] } } } } {code} This also supports editing of the configuration through APIs Example 1: add or remove roles {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-user-role: {tom:[admin,dev}, set-user-role: {harry:null} }' {code} Example 2: add or remove permissions {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ set-permission: { name:a-custom-permission-name, collection:gettingstarted, path:/handler-name, before: name-of-another-permission }, delete-permission:permission-name }' {code} Please note that you have to replace the whole permission each time it is edited. The API does not support editing one property at a time. Use the 'before' property to re-order your permissions Example 3: Restrict collection admin operations (writes only) to be performed by an admin only {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-permission : {name:collection-admin-edit, role:admin}}' {code} Implement a RuleBasedAuthorizationPlugin Key: SOLR-7838 URL: https://issues.apache.org/jira/browse/SOLR-7838 Project: Solr Issue Type: Sub-task Reporter: Noble Paul h2. authorization plugin This would store the roles of various users and their privileges in ZK sample authorization.json {code:javascript} { authorization: { class: solr.ZKAuthorization, roles :{ john : [admin] david : [guest,dev] } permissions: { collection-edit: { role: admin }, coreadmin:{ role:admin }, config-edit: { //all collections role: admin, method:POST }, schema-edit: { roles: admin, method:POST }, update: { //all collections role: dev }, mycoll_update: { collection: mycoll, path:[/update/*], role: [somebody] } } } } {code} This also supports editing of the configuration through APIs Example 1: add or remove roles {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-user-role: {tom:[admin,dev}, set-user-role: {harry:null} }' {code} Example 2: add or remove permissions {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ set-permission: { name:a-custom-permission-name, collection:gettingstarted, path:/handler-name, before: name-of-another-permission }, delete-permission:permission-name }' {code} Please note that you have to replace the whole permission each time it is edited. The API does not support editing one property at a time. Use the 'before' property to re-order your permissions Example 3: Restrict collection admin operations (writes only) to be performed by an admin only {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ set-permission : {name:collection-admin-edit, role:admin}}' {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org