Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to limit user access to Solr indexes?

Labels:
avatar
author-rank jpayne1
Contributor

Created on ‎04-19-2017 06:37 AM - edited ‎09-16-2022 04:28 AM

I'm interested in being able to prohibit users from interacting with, or even being aware of the existence of, specific indexes in Solr. For example, when a user in HUE looks at available indexes in HUE, they can only see the indexes they have permission to interact with.

 

Is this possible with the Cloudera distribution? I'm running CDH 5.10.

 

Thanks!!

3,770 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pdvorak author-rank
Guru

Created ‎04-20-2017 03:01 PM

There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd

View solution in original post

3,714 Views
0 Kudos
4 REPLIES 4

avatar
saranvisa author-rank
Champion

Created ‎04-19-2017 06:56 AM

@jpayne1

 

You can achieve this with Apache Sentry

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/sg_sentry_overview.html

 

3,764 Views
0 Kudos

avatar
author-rank jpayne1
Contributor

Created on ‎04-20-2017 01:04 PM - edited ‎04-20-2017 01:05 PM

Can this be done at the collections/parent level in HUE/Sentry so that any time a user creates an index in Solr only the user who created it has access?

 

In other words, what I'm trying to avoid having to do is setting permissions each time an index is created by a user. So if a user creates an index, Sentry automatically adds/updates the appropriate permissions.

 

I don't see any explicit reference to this capability in the docs.

 

3,723 Views
0 Kudos

avatar
author-rank pdvorak author-rank
Guru

Created ‎04-20-2017 03:01 PM

There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd
3,715 Views
0 Kudos

avatar
author-rank jpayne1
Contributor

Created ‎04-21-2017 06:13 AM

That is a fair question of what is 'appropriate'. I was hoping there would be an option to select a default behavior to do so. For example, upon 'usr1' creating an index, the following permission would be generated:

 

collection='the_new_idx"->user=usr1->action=*

 

I imagine other global default behaviors could exist such that the auto-generated permission sets access for new collections at a role level instead of user level. 

3,701 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements