Hi;

I'm using Solr 8.5.0.

I'm having trouble setting up some permissions using the rule-based 
authorization plugin: 
https://lucene.apache.org/solr/guide/8_5/rule-based-authorization-plugin.html

I have 3 users: "admin", "search", and "indexer".

I have set permissions and user roles:
"permissions": [  {  "name": "all", "role": "admin", "index": 1  },
      { "name": "admin-luke", "collection": "*", "role": "luke", "index": 2, 
"path": "/admin/luke"  },
      { "name": "read", "role": "searching", "index": 3  },
      {  "name": "update", "role": "indexing", "index": 4 }    ],
    "user-role": {  "admin": "admin",
      "search": ["searching","luke"],
      "indexer": "indexing"   }  }
Attached: full output of GET /admin/authorization

So why can't user "indexer" add anything in a collection ?  I always get HTTP 
403 Forbidden.
Using Postman, I click the checkbox to show the password, so I'm sure I typed 
the right one.

Note that user "search" can't use the /select handler either, as should be the 
case with permission to "read".   This user can, however, use the Luke handler, 
as the custom permission allows.

User "admin" can use any API.  So at least the predefined permission "all" does 
work.

Note that the collections were created before enabling authentication and 
authorization.  Could that be the cause of the permission issues ?

Thanks;

Isabelle Giguère
Computational Linguist & Java Developer
Linguiste informaticienne & développeur java


Attachment: permissions.json
Description: permissions.json

Reply via email to