[ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul updated SOLR-7838: ----------------------------- Description: h2. authorization plugin This would store the roles of various users and their privileges in ZK sample authorization.json {code:javascript} { "authorization": { "class": "solr.ZKAuthorization", "roles" :{ "john" : ["admin"] "david" : ["guest","dev"] } "permissions": { "collection-edit": { "role": "admin" }, "coreadmin":{ "role":"admin" }, "config-edit": { //all collections "role": "admin", "method":"POST" }, "schema-edit": { "roles": "admin", "method":"POST" }, "update": { //all collections "role": "dev" }, "mycoll_update": { "collection": "mycoll", "path":["/update/*"], "role": ["somebody"] } } } } {code} This also supports editing of the configuration through APIs Example 1: add or remove roles {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ "set-user-role": {"tom":["admin","dev"}, "set-user-role": {"harry":null} }' {code} Example 2: add or remove permissions {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d '{ "set-permission": { "name":"a-custom-permission-name", "collection":"gettingstarted", "path":"/handler-name", "before": "name-of-another-permission" }, "delete-permission":"permission-name" }' {code} Please note that you have to replace the whole permission each time it is edited. The API does not support editing one property at a time. Use the 'before' property to re-order your permissions Example 3: Restrict collection admin operations (writes only) to be performed by an admin only {code} curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{ "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}' {code} > Implement a RuleBasedAuthorizationPlugin > ---------------------------------------- > > Key: SOLR-7838 > URL: https://issues.apache.org/jira/browse/SOLR-7838 > Project: Solr > Issue Type: Sub-task > Reporter: Noble Paul > > h2. authorization plugin > This would store the roles of various users and their privileges in ZK > sample authorization.json > {code:javascript} > { > "authorization": { > "class": "solr.ZKAuthorization", > "roles" :{ > "john" : ["admin"] > "david" : ["guest","dev"] > } > "permissions": { > "collection-edit": { > "role": "admin" > }, > "coreadmin":{ > "role":"admin" > }, > "config-edit": { > //all collections > "role": "admin", > "method":"POST" > }, > "schema-edit": { > "roles": "admin", > "method":"POST" > }, > "update": { > //all collections > "role": "dev" > }, > "mycoll_update": { > "collection": "mycoll", > "path":["/update/*"], > "role": ["somebody"] > } > } > } > } > {code} > This also supports editing of the configuration through APIs > Example 1: add or remove roles > {code} > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{ > "set-user-role": {"tom":["admin","dev"}, > "set-user-role": {"harry":null} > }' > {code} > > Example 2: add or remove permissions > {code} > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json'-d '{ > "set-permission": { "name":"a-custom-permission-name", > "collection":"gettingstarted", > "path":"/handler-name", > "before": "name-of-another-permission" > }, > "delete-permission":"permission-name" > }' > {code} > Please note that you have to replace the whole permission each time it is > edited. The API does not support editing one property at a time. Use the > 'before' property to re-order your permissions > Example 3: Restrict collection admin operations (writes only) to be performed > by an admin only > {code} > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{ > "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}' > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org