Created on 04-19-2017 06:37 AM - edited 09-16-2022 04:28 AM
I'm interested in being able to prohibit users from interacting with, or even being aware of the existence of, specific indexes in Solr. For example, when a user in HUE looks at available indexes in HUE, they can only see the indexes they have permission to interact with.
Is this possible with the Cloudera distribution? I'm running CDH 5.10.
Thanks!!
Created 04-20-2017 03:01 PM
Created 04-19-2017 06:56 AM
You can achieve this with Apache Sentry
https://www.cloudera.com/documentation/enterprise/5-9-x/topics/sg_sentry_overview.html
Created on 04-20-2017 01:04 PM - edited 04-20-2017 01:05 PM
Can this be done at the collections/parent level in HUE/Sentry so that any time a user creates an index in Solr only the user who created it has access?
In other words, what I'm trying to avoid having to do is setting permissions each time an index is created by a user. So if a user creates an index, Sentry automatically adds/updates the appropriate permissions.
I don't see any explicit reference to this capability in the docs.
Created 04-20-2017 03:01 PM
Created 04-21-2017 06:13 AM
That is a fair question of what is 'appropriate'. I was hoping there would be an option to select a default behavior to do so. For example, upon 'usr1' creating an index, the following permission would be generated:
collection='the_new_idx"->user=usr1->action=*
I imagine other global default behaviors could exist such that the auto-generated permission sets access for new collections at a role level instead of user level.