[ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul resolved SOLR-7838. ------------------------------ Resolution: Fixed > Implement a RuleBasedAuthorizationPlugin > ---------------------------------------- > > Key: SOLR-7838 > URL: https://issues.apache.org/jira/browse/SOLR-7838 > Project: Solr > Issue Type: Sub-task > Reporter: Noble Paul > Assignee: Noble Paul > Priority: Blocker > Fix For: 5.3, Trunk > > > h2. authorization plugin > This would store the roles of various users and their privileges in ZK > sample authorization.json > {code:javascript} > { > "authorization": { > "class": "solr.ZKAuthorization", > "user-role" :{ > "john" : ["admin", "guest"] > "tom" : 'dev' > } > "permissions": [ > {"name":"collection-edit", > "role": "admin" > }, > {"name":"coreadmin", > "role":"admin" > }, > {"name": "mycoll_update", > "collection": "mycoll", > "path":["/update/*"], > "role": ["guest","admin"] > }] > } > } > } > {code} > This also supports editing of the configuration through APIs > Example 1: add or remove roles > {code} > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{ > "set-user-role": {"tom":["admin","dev"}, > "set-user-role": {"harry":null} > }' > {code} > > Example 2: add or remove permissions > {code} > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json'-d '{ > "set-permission": { "name":"a-custom-permission-name", > "collection":"gettingstarted", > "path":"/handler-name", > "before": "name-of-another-permission" > }, > "delete-permission":"permission-name" > }' > {code} > Use the 'before' property to re-order your permissions > Example 3: Restrict collection admin operations (writes only) to be performed > by an admin only > {code} > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{ > "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}' > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org