Authorization Privilege Model for Cloudera Search
Sentry privileges for Cloudera Search are constructed as follows:
<objectType>=<specificObject>->action=<action>
For example, the following privilege grants write access (UPDATE) to the tweets collection:
collection=tweets->action=UPDATE
Using Sentry with Cloudera Search, you can control access to the following privilege object types:
- admin
- collection
- config
- schema
The admin object type controls access to administrative actions through the following privilege objects:
- collections - Controls access to the Collections API
- cores - Controls access to the CoreAdmin API
- security - Controls access to Solr security configurations (the security.json file in ZooKeeper)
- metrics - Controls access to the Metrics API
- autoscaling - Controls access to the Autoscaling API
Privilege objects can be granted the following privileges:
- QUERY: Read access
- UPDATE: Write access (including delete)
- *: Read and write access
If no privileges are granted, no access is possible. For example, accessing the Solr Admin UI requires the QUERY privilege. If no users are granted the QUERY privilege, no access to the Solr Admin UI is possible.
Non-administrative requests require privileges only on the specific collection or config that the request operates on.
Administrative requests may require privileges on both the specific admin object and the collection. This is denoted as admin=<adminObject>, collection=<collectionName> in the tables below.
Required Privileges | Collections API Action
---|---
admin=collections->action=UPDATE, collection=<aliasName>->action=UPDATE | CREATEALIAS, DELETEALIAS
admin=collections->action=UPDATE, collection=<collectionName>->action=UPDATE | CREATE, DELETE, MODIFYCOLLECTION, RELOAD, CREATESHARD, DELETESHARD, SPLITSHARD, SYNCSHARD, CREATESNAPSHOT, DELETESNAPSHOT, RESTORE, ADDREPLICA, DELETEREPLICA, MOVEREPLICA, ADDREPLICAPROP, DELETEREPLICAPROP, MIGRATESTATEFORMAT, FORCELEADER, REBALANCELEADERS, BALANCESHARDUNIQUE, MIGRATE (destination collection)
admin=collections->action=UPDATE | ADDROLE, REMOVEROLE, CLUSTERPROP, DELETESTATUS, DELETENODE, REPLACENODE
admin=collections->action=QUERY, collection=<collectionName>->action=QUERY | LISTSNAPSHOTS, BACKUP, MIGRATE (source collection)
admin=collections->action=QUERY | LIST, LISTALIASES, REQUESTSTATUS, OVERSEERSTATUS, CLUSTERSTATUS
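To make the model concrete, the following added example (written for this page, not Cloudera's or Sentry's code) parses privilege rules in the <objectType>=<specificObject>->action=<action> form and checks a Collections API request against a handful of the requirements from the table above. It applies the action semantics as the page defines them (UPDATE does not include QUERY; * covers both) and honours the collection=* wildcard; the COLLECTIONS_API mapping is a hand-copied subset of the table, not a complete policy.

```python
"""Model of Sentry privilege rules for Cloudera Search and a Collections API check."""
import re

# <objectType>=<specificObject>->action=<action>, e.g. collection=tweets->action=UPDATE
PRIV_RE = re.compile(r"^(\w+)=(.+?)->action=(\w+|\*)$")
OBJECT_TYPES = {"admin", "collection", "config", "schema"}
ACTIONS = {"QUERY", "UPDATE", "*"}

def parse_privilege(rule):
    """Return (object_type, object_name, action) for one privilege rule, or raise."""
    m = PRIV_RE.match(rule.strip())
    if not m:
        raise ValueError(f"malformed privilege rule: {rule!r}")
    obj_type, obj_name, action = m.group(1).lower(), m.group(2), m.group(3).upper()
    if obj_type not in OBJECT_TYPES or action not in ACTIONS:
        raise ValueError(f"unknown object type or action in rule: {rule!r}")
    return obj_type, obj_name, action

def _satisfies(granted, required):
    """One grant covers a requirement when the object type matches, the object name
    matches (or the grant uses *), and the granted action is the required one or *.
    UPDATE never satisfies QUERY: the page defines them as separate write and read access."""
    g_type, g_name, g_action = granted
    r_type, r_name, r_action = required
    return g_type == r_type and g_name in ("*", r_name) and g_action in ("*", r_action)

# Subset of the Collections API table above (constructed for this example):
# (action required on admin=collections, action required on the target collection or None).
COLLECTIONS_API = {
    "CREATE": ("UPDATE", "UPDATE"),
    "DELETE": ("UPDATE", "UPDATE"),
    "RELOAD": ("UPDATE", "UPDATE"),
    "CLUSTERPROP": ("UPDATE", None),
    "BACKUP": ("QUERY", "QUERY"),
    "LIST": ("QUERY", None),
}

def is_authorized(granted_rules, api_action, collection=None):
    """True when every privilege the table requires for api_action is covered by at
    least one granted rule. With no grants at all, nothing is authorized."""
    grants = [parse_privilege(r) for r in granted_rules]
    admin_action, coll_action = COLLECTIONS_API[api_action]
    required = [("admin", "collections", admin_action)]
    if coll_action is not None:
        required.append(("collection", collection, coll_action))
    return all(any(_satisfies(g, req) for g in grants) for req in required)
```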
Required Privileges | CoreAdmin API Action
---|---
admin=cores->action=UPDATE, collection=<coreName>->action=UPDATE | CREATE, RENAME, UNLOAD, RELOAD, SWAP, MERGEINDEXES, SPLIT, PREPRECOVERY, REQUESTRECOVERY, REQUESTSYNCSHARD, REQUESTAPPLYUPDATES, REQUESTBUFFERUPDATES, REJOINLEADERELECTION, FORCEPREPAREFORLEADERSHIP, CREATESNAPSHOT, DELETESNAPSHOT, RESTORECORE
admin=cores->action=QUERY, collection=<coreName>->action=QUERY | LISTSNAPSHOTS, STATUS, BACKUPCORE
Required Privileges | Config API Action
---|---
config=<configName>->action=* | CREATE, DELETE
Solr Authorization Privilege Model Changes in CDH 6
The Solr authorization privilege model for Sentry in CDH 6 replaces the special admin collection with a new admin privilege object type. The admin object type supports the following privilege objects, allowing you to control access to different types of administrative operations separately:
- collections - Controls access to the Collections API
- cores - Controls access to the CoreAdmin API
- security - Controls access to Solr security configurations (the security.json file in ZooKeeper)
- metrics - Controls access to the Metrics API
- autoscaling - Controls access to the Autoscaling API
The admin collection in CDH 5 is the equivalent of the admin=collections and admin=cores privilege objects in CDH 6. The following table shows equivalent Sentry permissions in CDH 5 and CDH 6:
CDH 5 Privilege Rule | CDH 6 Privilege Rule
---|---
collection=admin->action=* | admin=collections->action=*, admin=cores->action=*
collection=admin->action=update | admin=collections->action=update, admin=cores->action=update
config=myConfig->action=*, collection=admin->action=update | config=myConfig->action=*
collection=*->action=* | admin=collections->action=*, admin=cores->action=*, collection=*->action=*
Sentry in CDH 6 supports collection, admin, config, and schema privilege object types for Solr. For more information about the authorization privilege model for Cloudera Search, see Authorization Privilege Model for Cloudera Search.