Support Questions

Find answers, ask questions, and share your expertise

Row level security in SOLR using Atlas/Ranger

New Contributor

There are several questions here ("document level security in SOLR using Ranger") and here ("atlas ranger row level filtering based on tag attr") which indicate that row/document level security in SOLR is not possible using hortonworks components, but may be possible with ManifoldCF.

Are there any features in the Hortonworks product, not using third party components, which would allow us to implement row level security in SOLR? I have heard that using "hooks and bridges" will achieve this goal against documents with specific tags.



@Matthew Shipton

Hi Matthew,

I have a similar requirement. ManifoldCF will do what you need as far as I know. It didn't seem to be a very active project however. Ranger (0.7.0) has a solr plug-in which provides access control at the collection level and I believe it also requires Kerberos to be enabled to work. For us this requirement means we need to implement a cross realm trust with our MS domains to get to the solr UI and it starts getting complex requiring the involvement of multiple external teams. The approach I am currently pursuing is a proxy to intercept the rest calls and insert a filter query param.The solr documents need to have an attribute with the values and you can filter on those. I'm not sure if this is what is meant by "hooks and bridges"

I am looking at using Lucidworks Fusion at the moment. I'm not entirely certain but I think it is a commercialised version of ManifoldCF. If this doesn't work out I'll probably end implementing a wrapper for Solr that does what I need. If you come across any better solution please share.

Hope this helps