Cloudera Docs

Configuring Ranger authorization for Solr service

By default, the Solr service is not configured for authorization by Ranger. You can configure authorization manually, using Cloudera Manager.

Minimum Required Role: Cluster Administrator (also provided by Full Administrator) This feature is not available when using Cloudera Manager to manage Data Hub clusters.

  1. In the Cloudera Manager Admin Console, go to the Ranger service.
  2. On the Service Manager page, click Add next to Solr.


  3. Enter the following information on the Create Service page:

    Service Details

    Field name Description
    Service Name

    Assign a name to the Solr service you want to create.

    Note down the value you define here. You need to enter it later, when specifying the ranger.plugin.solr.service.name parameter in the Solr Service Advanced Configuration Snippet (Safety Valve) for ranger-solr-security.xml option.
    Active Status Enabled
    Select Tag Service Select cm_tag.

    Configuration Properties

    Field name Description
    Username You can assign any value. For this use case, this property bears no importance.
    Password You can assign any value. For this use case, this property bears no importance.
    Solr URL You can assign any value. For this use case, this property bears no importance.
    Add new configurations

    Add the following new configurations:

    • policy.download.auth.users = solr

    • tag.download.auth.users = solr
  4. Click Save.
  5. Click on the name of the newly added service.
  6. Under Action click Edit.
  7. In Allow Conditions > Select User dropdown select hue.
    This is necessary because the Hue service breaks if it has no permission to access Solr.

    To keep the cluster accessible to non-admin users, you can add other users to the default policy or you can define additional policies.

  8. In the Cloudera Manager Admin Console, go to the Solr service.
  9. Click the Configuration tab.
  10. In the Search field start typing ‘safety’
  11. Click Add under Solr Service Advanced Configuration Snippet (Safety Valve).
  12. Define the following:
    Key
    ranger.plugin.solr.service.name
    Value

    The Solr Service Name you assigned when creating the Solr service in Ranger.

  13. Click Save Changes.
  14. Click the Status tab to refresh the window.
  15. Click the Stale Configuration: Restart needed indicator on top of the page.
  16. Click Restart Stale Services.
  17. Click Restart Now.