Reply
Explorer
Posts: 11
Registered: ‎03-17-2017
Accepted Solution

How to limit user access to Solr indexes?

I'm interested in being able to prohibit users from interacting with, or even being aware of the existence of, specific indexes in Solr. For example, when a user in HUE looks at available indexes in HUE, they can only see the indexes they have permission to interact with.

 

Is this possible with the Cloudera distribution? I'm running CDH 5.10.

 

Thanks!!

Posts: 376
Topics: 11
Kudos: 58
Solutions: 32
Registered: ‎09-02-2016

Re: How to limit user access to Solr indexes?

Explorer
Posts: 11
Registered: ‎03-17-2017

Re: How to limit user access to Solr indexes?

[ Edited ]

Can this be done at the collections/parent level in HUE/Sentry so that any time a user creates an index in Solr only the user who created it has access?

 

In other words, what I'm trying to avoid having to do is setting permissions each time an index is created by a user. So if a user creates an index, Sentry automatically adds/updates the appropriate permissions.

 

I don't see any explicit reference to this capability in the docs.

 

Cloudera Employee
Posts: 198
Registered: ‎01-09-2014

Re: How to limit user access to Solr indexes?

There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd
Highlighted
Explorer
Posts: 11
Registered: ‎03-17-2017

Re: How to limit user access to Solr indexes?

That is a fair question of what is 'appropriate'. I was hoping there would be an option to select a default behavior to do so. For example, upon 'usr1' creating an index, the following permission would be generated:

 

collection='the_new_idx"->user=usr1->action=*

 

I imagine other global default behaviors could exist such that the auto-generated permission sets access for new collections at a role level instead of user level. 

Announcements