ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Kupstaitis-Dunkler (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2178) Ranger Solr Plugin fails to execute policy when multiple collections are queried
Date Wed, 01 Aug 2018 07:41:00 GMT
Stefan Kupstaitis-Dunkler created RANGER-2178:
-------------------------------------------------

             Summary: Ranger Solr Plugin fails to execute policy when multiple collections
are queried
                 Key: RANGER-2178
                 URL: https://issues.apache.org/jira/browse/RANGER-2178
             Project: Ranger
          Issue Type: Bug
          Components: plugins
            Reporter: Stefan Kupstaitis-Dunkler


How to reproduce:

2 Solr collections: col1 and col2
1 user: myuser
1 Ranger policy: user: "myuser", access type: "Read", "Write", resources/collections: "col1",
"col2"

query of col1 returns content of col1 and logs event successfully in Ranger audit.
```
curl -k --negotiate -u : "http://solr_url:solr_port/solr/col1/search?q=*"
```

query of col2 returns content of col2 and logs it successfully in Ranger audit.
```
curl -k --negotiate -u : "http://solr_url:solr_port/solr/col2/search?q=*"
```

query of col1 *and* col2 will return a "403 Unauthorized request":
```
curl -k --negotiate -u : "http://solr_url:solr_port/solr/col1/select?q=*&collections=col1,col2"
```
In Ranger audit we now see 3 lines:
* user: myuser, resource: col1,col2, Result: Denied
* user: myuser, resource: col1, Result: Allowed
* user: myuser, resource: col2, Result: Allowed

Expectation would be that query is successfull!

The use case/business case is Metron, which queries Solr in this specific way!

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message