Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to limit user access to Solr indexes?

Solved Go to solution

How to limit user access to Solr indexes?

Explorer

I'm interested in being able to prohibit users from interacting with, or even being aware of the existence of, specific indexes in Solr. For example, when a user in HUE looks at available indexes in HUE, they can only see the indexes they have permission to interact with.

 

Is this possible with the Cloudera distribution? I'm running CDH 5.10.

 

Thanks!!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to limit user access to Solr indexes?

Super Collaborator
There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd
4 REPLIES 4
Highlighted

Re: How to limit user access to Solr indexes?

Champion

Re: How to limit user access to Solr indexes?

Explorer

Can this be done at the collections/parent level in HUE/Sentry so that any time a user creates an index in Solr only the user who created it has access?

 

In other words, what I'm trying to avoid having to do is setting permissions each time an index is created by a user. So if a user creates an index, Sentry automatically adds/updates the appropriate permissions.

 

I don't see any explicit reference to this capability in the docs.

 

Re: How to limit user access to Solr indexes?

Super Collaborator
There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd

Re: How to limit user access to Solr indexes?

Explorer

That is a fair question of what is 'appropriate'. I was hoping there would be an option to select a default behavior to do so. For example, upon 'usr1' creating an index, the following permission would be generated:

 

collection='the_new_idx"->user=usr1->action=*

 

I imagine other global default behaviors could exist such that the auto-generated permission sets access for new collections at a role level instead of user level.