Hi Sotiris, First, what version of Solr are you running? We've made some fixes recently (esp. SOLR-13355) to RBAP, and they might affect the behavior you're seeing or any fixes we can recommend.
Second, the order of permissions in security.json has a huge effect on how . Solr always uses the first permission rule that matches a given API...later rules are ignored if a match is found in earlier ones. The first rule in your permissions block ({"name": "all", "role": "admin"}) will match all APIs and will only allow requests through if the requesting user has the "admin" role. So "user" being unable to query an alias makes sense. Usually "all" and other catchall permissions are best used at the very bottom of your permissions list. That way the catchall is the last rule to be checked, giving other rules a chance to match first. Hope that helps. Jason On Wed, May 22, 2019 at 6:21 AM Sotiris Fragkiskos <sfra...@gmail.com> wrote: > > Hi everyone! > I've been trying unsuccessfully to read an alias to a collection with a > curl command. > The command only works when I put in the admin credentials, although the > user I want access for also has the required role for accessing. > Is this perhaps built-in, or should anyone be able to access an alias from > the API? > > The command I'm using is: > curl http:// > <user>:<pass>@<solrhostname>/solr/<AliasName>/select?q=<field>:<value> > This fails for the user but succeeds for the admin > > My minimum working example of security.json follows. > Many thanks! > > { > "authentication":{ > "blockUnknown":true, > "class":"solr.BasicAuthPlugin", > "credentials":{ > "admin":"blahblahblah", > "user":"blahblah"}, > "":{"v":13}}, > "authorization":{ > "class":"solr.RuleBasedAuthorizationPlugin", > "permissions":[ > { > "name":"all", > "role":"admin", > "index":1}, > { > "name":"readColl", > "collection":"Coll", > "path":"/select/*", > "role":"readColl", > "index":2}, > { > "name":"readSCollAlias", > "collection":"sCollAlias", > "path":"/select/*", > "role":"readSCollAlias", > "index":3}], > "user-role":{ > "admin":[ > "admin", > "readSCollAlias"], > "user":["readSCollAlias"]}, > "":{"v":21}}}