{ "documentation": "https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin", "description": "Defines roles for accessing Solr, and assigns users to those roles. Use this API to change user authorizations to each of Solr's components.", "methods": [ "POST" ], "url": { "paths": [ "/cluster/security/authorization" ] }, "commands": { "set-permission": { "type":"object", "description": "Create a new permission, overwrite an existing permission definition, or assign a pre-defined permission to a role.", "properties": { "name":{ "type":"string", "description": "The name of the permission. The name will be used to update or delete the permission later." }, "method":{ "type":"string", "enum":["GET", "POST", "DELETE","PUT"], "description": "HTTP methods that are allowed for this permission. You could allow only GET requests, or have a role that allows PUT and POST requests. The method values that are allowed for this property are GET, POST, PUT, DELETE and HEAD." }, "collection":{ "type":"array", "items": { "type": "string" }, "description":"The collection or collections the permission will apply to. When the path that will be allowed is collection-specific, such as when setting permissions to allow use of the Schema API, omitting the collection property will allow the defined path and/or method for all collections. However, when the path is one that is non-collection-specific, such as the Collections API, the collection value must be null. In this case, two permissions may need to be created; one for collection-specific API paths allowing access to all collections, and another for non-collection-specific paths defining no collection limitations." }, "path":{ "type":"array", "items": { "type": "string" }, "description":"A request handler name, such as /update or /select. A wild card is supported, to allow for all paths as appropriate (such as, /update/*)." }, "index": { "type": "integer", "description": "The index of the permission you wish to overwrite. Skip this if it is a new permission that should be created." }, "before":{ "type": "integer", "description":"This property allows ordering of permissions. The value for this property is the name of the permission that this new permission should be placed before in security.json." }, "params":{ "type":"object", "additionalProperties":true, "description": "The names and values of request parameters. This property can be omitted if all request parameters are allowed, but will restrict access only to the values provided if defined." }, "role": { "type": "array", "items": { "type": "string", "description": "The name of the role(s) to give this permission. This name will be used to map user IDs to the role to grant these permissions. The value can be wildcard such as (*), which means that any user is OK, but no user is NOT OK." } } }, "required": [ "role" ] }, "update-permission": { "type":"object", "properties": { "name": { "type": "string", "description": "The name of the permission. The name will be used to update or delete the permission later." }, "method": { "type": "string", "description": "HTTP methods that are allowed for this permission. You could allow only GET requests, or have a role that allows PUT and POST requests. The method values that are allowed for this property are GET, POST, PUT, DELETE and HEAD." }, "collection": { "type":"array", "items": { "type": "string" }, "description": "The collection or collections the permission will apply to. When the path that will be allowed is collection-specific, such as when setting permissions to allow use of the Schema API, omitting the collection property will allow the defined path and/or method for all collections. However, when the path is one that is non-collection-specific, such as the Collections API, the collection value must be null. In this case, two permissions may need to be created; one for collection-specific API paths allowing access to all collections, and another for non-collection-specific paths defining no collection limitations." }, "path": { "type":"array", "items": { "type": "string" }, "description": "A request handler name, such as /update or /select. A wild card is supported, to allow for all paths as appropriate (such as, /update/*)." }, "index": { "type": "integer", "description": "The index of the permission you wish to overwrite." }, "before": { "type": "integer", "description": "This property allows ordering of permissions. The value for this property is the index of the permission that this new permission should be placed before in security.json." }, "role": { "type": "array", "items": { "type": "string", "description": "The name of the role(s) to give this permission. This name will be used to map user IDs to the role to grant these permissions. The value can be wildcard such as (*), which means that any user is OK, but no user is NOT OK." } }, "params": { "type": "object", "additionalProperties": true, "description": "The names and values of request parameters. This property can be omitted if all request parameters are allowed, but will restrict access only to the values provided if defined." } }, "required": [ "role", "index" ] }, "delete-permission":{ "description":"delete a permission by its index", "type":"integer" }, "set-user-role": { "type":"object", "description": "A single command allows roles to be mapped to users. To remove a user's permission, you should set the role to null. The key is always a user id and the value is one or more role names.", "additionalProperties":true } } }