[jira] [Updated] (SENTRY-588) The Solr schema read protection with Sentry

shenguoquan (JIRA) Wed, 17 Dec 2014 22:18:31 -0800

     [ 
https://issues.apache.org/jira/browse/SENTRY-588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


shenguoquan updated SENTRY-588:
-------------------------------
    Issue Type: New Feature  (was: Improvement)

> The Solr schema read protection with Sentry
> -------------------------------------------
>
>                 Key: SENTRY-588
>                 URL: https://issues.apache.org/jira/browse/SENTRY-588
>             Project: Sentry
>          Issue Type: New Feature
>            Reporter: shenguoquan
>            Assignee: shenguoquan
>
> The Solr schema API allows using a REST API to get schema about the each 
> collection, including defined field types, fields, dynamic fields, and copy 
> field declarations. There exists a risk that user can get the collection 
> schema they does not access to. For example, user1 has no query privilege on 
> collection collection1, but currently the user1 can get the schema metadata 
> about collection1 as running the command: curl  
> http://localhost:8983/solr/collection1/schema It’s should deny the users get 
> the schema information that they haven’t query privilege on.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (SENTRY-588) The Solr schema read protection with Sentry

Reply via email to