Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to limit user access to Solr indexes?

Labels:
avatar
author-rank jpayne1
Contributor

Created on ‎04-19-2017 06:37 AM - edited ‎09-16-2022 04:28 AM

I'm interested in being able to prohibit users from interacting with, or even being aware of the existence of, specific indexes in Solr. For example, when a user in HUE looks at available indexes in HUE, they can only see the indexes they have permission to interact with.

 

Is this possible with the Cloudera distribution? I'm running CDH 5.10.

 

Thanks!!

3,819 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pdvorak author-rank
Guru

Created ‎04-20-2017 03:01 PM

There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd

View solution in original post

3,763 Views
0 Kudos
4 REPLIES 4

avatar
saranvisa author-rank
Champion

Created ‎04-19-2017 06:56 AM

@jpayne1

 

You can achieve this with Apache Sentry

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/sg_sentry_overview.html

 

3,813 Views
0 Kudos

avatar
author-rank jpayne1
Contributor

Created on ‎04-20-2017 01:04 PM - edited ‎04-20-2017 01:05 PM

Can this be done at the collections/parent level in HUE/Sentry so that any time a user creates an index in Solr only the user who created it has access?

 

In other words, what I'm trying to avoid having to do is setting permissions each time an index is created by a user. So if a user creates an index, Sentry automatically adds/updates the appropriate permissions.

 

I don't see any explicit reference to this capability in the docs.

 

3,772 Views
0 Kudos

avatar
author-rank pdvorak author-rank
Guru

Created ‎04-20-2017 03:01 PM

There isn't any current functionality to handle this. Part of the issue is, for a newly created collection, what is considered 'appropriate' permissions? Someone normally needs to determine what those are for that new specific collection

-pd
3,764 Views
0 Kudos

avatar
author-rank jpayne1
Contributor

Created ‎04-21-2017 06:13 AM

That is a fair question of what is 'appropriate'. I was hoping there would be an option to select a default behavior to do so. For example, upon 'usr1' creating an index, the following permission would be generated:

 

collection='the_new_idx"->user=usr1->action=*

 

I imagine other global default behaviors could exist such that the auto-generated permission sets access for new collections at a role level instead of user level. 

3,750 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements