Hi, I'm trying to configure the Rule-Based Authorization Plugin in Solr 8.4.0 in standalone mode. My goal is to limit a user's access to one or more designated cores. My security.json looks like this:

    {
      "authentication":{
        "blockUnknown":true,
        "class":"solr.BasicAuthPlugin",
        "credentials":{
          "solr":"...",
          "user1":"...",
          "user2":"..."},
        "realm":"Solr",
        "forwardCredentials":false,
        "":{"v":0}},
      "authorization":{
        "class":"solr.RuleBasedAuthorizationPlugin",
        "permissions":[
          {
            "name":"security-edit",
            "role":"admin",
            "index":1},
          {
            "name":"read",
            "collection":"core1",
            "role":"role1",
            "index":2},
          {
            "name":"read",
            "collection":"core2",
            "role":"role2",
            "index":3},
          {
            "name":"all",
            "role":"admin",
            "index":4}],
        "user-role":{
          "solr":"admin",
          "user1":"role1",
          "user2":"role2"},
        "":{"v":0}}}

With this setup, I'm unable to read from any of the cores with either user. If I "delete-permission":4 both users can read from either core, not just "their" core.

I have tried custom permissions like this to no avail:

    {"name": "access-core1", "collection": "core1", "role": "role1"},
    {"name": "access-core2", "collection": "core2", "role": "role2"},
    {"name": "all", "role": "admin"}

Is it possible to do this for cores? Or am I out of luck because I'm not using collections?

Regards
Thomas