Mapping Sentry permissions for Solr to Ranger policies
Use the mapping reference table to create Ranger policies that reflect the privileges defined for Solr in your Sentry permissions.
Sentry has the following objects for Solr:
- admin
- collection
- config
- schema
The admin object type controls access to administrative actions through the following privilege objects:
- collection
- cores
- security
- metrics
- autoscaling
Ranger has only one object right now, which is collection. Permissions for collections are of type:
- SolrAdmin
- Query
- Update
- Other
Sentry privilege | Ranger policy |
---|---|
Collections | |
admin=collections - action=UPDATE collection=<aliasName> - action=UPDATE |
All collections - permission SolrAdmin |
admin=collections - action=UPDATE collection=<collectionName> - action=UPDATE |
Policy for <collectionName>, permissions: SolrAdmin |
admin=collections - action=UPDATE | All collections - permissions: SolrAdmin |
admin=collections - action=QUERY collection=<collectionName> - action=QUERY |
Policy for <collectionName> - permissions: SolrAdmin |
Cores | |
admin=cores - action=UPDATE collection=<coreName> - action=UPDATE |
All collections - permission: SolrAdmin |
admin=cores - action=QUERY collection=<coreName> - action=QUERY |
All collections - permission: SolrAdmin |
Configs | |
config=<configName> - action=* | All collections = permission: SolrAdmin |
Non-Administrative | |
collection=<collectionName> - action=QUERY | Policy for <collectionName> - permissions: Query, Others |
collection=<collectionName> - action=UPDATE | Policy for <collectionName> - permissions: Update |