Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to limit user access to Solr indexes?

Labels:
avatar
author-rank jpayne1
Contributor

Created on ‎04-19-2017 06:37 AM - edited ‎09-16-2022 04:28 AM

I'm interested in being able to prohibit users from interacting with, or even being aware of the existence of, specific indexes in Solr. For example, when a user in HUE looks at available indexes in HUE, they can only see the indexes they have permission to interact with.

 

Is this possible with the Cloudera distribution? I'm running CDH 5.10.

 

Thanks!!

4,110 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank pdvorak author-rank
Guru

Created ‎04-20-2017 03:01 PM

There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd

View solution in original post

4,054 Views
0 Kudos
0
4 REPLIES 4

avatar
saranvisa author-rank
Champion

Created ‎04-19-2017 06:56 AM

@jpayne1

 

You can achieve this with Apache Sentry

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/sg_sentry_overview.html

 

4,104 Views
0 Kudos

avatar
author-rank jpayne1
Contributor

Created on ‎04-20-2017 01:04 PM - edited ‎04-20-2017 01:05 PM

Can this be done at the collections/parent level in HUE/Sentry so that any time a user creates an index in Solr only the user who created it has access?

 

In other words, what I'm trying to avoid having to do is setting permissions each time an index is created by a user. So if a user creates an index, Sentry automatically adds/updates the appropriate permissions.

 

I don't see any explicit reference to this capability in the docs.

 

4,063 Views
0 Kudos

avatar
author-rank pdvorak author-rank
Guru

Created ‎04-20-2017 03:01 PM

There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd
4,055 Views
0 Kudos
0

avatar
author-rank jpayne1
Contributor

Created ‎04-21-2017 06:13 AM

That is a fair question of what is 'appropriate'. I was hoping there would be an option to select a default behavior to do so. For example, upon 'usr1' creating an index, the following permission would be generated:

 

collection='the_new_idx"->user=usr1->action=*

 

I imagine other global default behaviors could exist such that the auto-generated permission sets access for new collections at a role level instead of user level. 

4,041 Views
0 Kudos
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements