janhoy commented on PR #4534: URL: https://github.com/apache/solr/pull/4534#issuecomment-4779653425
> One thing I wonder about, superadmin has the security-edit, but nothing else. Is having a superadmin really worth it? Granting security seems like an admin thing. I guess it's fine... Fair question. Superadmin can modify security settings and disable security. The `admin` role can do lots of admin stuff like collection, configset etc, but it makes sense to not also open the door for security edit. One thing I asked myself the other day is the `security-read` permission. It is currently assigned to `admin` role, meaning all admins can read `security.json` but not modify it. I **think** this is an ok default since our security model demands or will demand that **admin** users are trusted. Thanks for the review, I'll merge... PS: Will you file a bug for "ERROR: Index 0 out of bounds for length 0"? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
