Support Questions
Find answers, ask questions, and share your expertise

What operations are permitted on Solr for a user that has the 'Others' permission assigned on Ranger?

What operations are permitted on Solr for a user that has the 'Others' permission assigned on Ranger?

New Contributor

For the Ranger Solr plugin, by default there are 4 permission levels -

Solr Admin, Query, Update and Others.

I understand that these values correspond to a group of in-built Solr permissions. I would like to know which Solr permissions are assigned to each of the Ranger permission levels.

Also, Does anyone know the operations that would be permitted to a user who has the permission 'Others'?

Thanks.

2 REPLIES 2
Highlighted

Re: What operations are permitted on Solr for a user that has the 'Others' permission assigned on Ranger?

@Jimmy Cao

The Admin permission allows you to manage collections (create, delete, snapshot, etc).

The Query permission allows you submit queries to Solr collections (read-only access).

The Update permission allows you submit updates to Solr collections (read and write access).

The Others permission is any permission that doesn't fall under the 3 listed above. I know that is vague, but the documentation is lacking on that permission. Here is links to the code:

https://github.com/apache/ranger/blob/eb21ea6afb9f2ca0e26a769bfc6333ba3cce0e61/plugin-solr/src/main/...

Look at the end of the file:

String mapToRangerAccessType(AuthorizationContext context) {
  String accessType = ACCESS_TYPE_OTHERS;


  RequestType requestType = context.getRequestType();
  if (RequestType.ADMIN.equals(requestType)) {
    accessType = ACCESS_TYPE_ADMIN;
  } else if (RequestType.READ.equals(requestType)) {
    accessType = ACCESS_TYPE_QUERY;
  } else if (RequestType.WRITE.equals(requestType)) {
    accessType = ACCESS_TYPE_UPDATE;
  } else if (RequestType.UNKNOWN.equals(requestType)) {
    logger.info("UNKNOWN request type. Mapping it to " + accessType
        + ". Resource=" + context.getResource());
    accessType = ACCESS_TYPE_OTHERS;
  } else {
    logger.info("Request type is not supported. requestType="
        + requestType + ". Mapping it to " + accessType
        + ". Resource=" + context.getResource());
  }
  return accessType;
}
Highlighted

Re: What operations are permitted on Solr for a user that has the 'Others' permission assigned on Ranger?

New Contributor

Thanks @Michael Young. That helps a lot.

Under the org.apache.solr.security.AuthorizationContext class for Solr, the enum RequestType has been defined which could take one of the following values -

{READ, WRITE, ADMIN, UNKNOWN}

Solr has the following pre-defined permissions -

security-edit, security-read, schema-edit, schema-read, config-edit, core-admin-read, core-admin-edit, config-read, collection-admin-edit, collection-admin-read, update, read, all

Does anyone know if a combination of these permissions are mapped to the RequestType enum values?