Hi,

I'm trying to configure the Rule-Based Authorization Plugin in Solr 8.4.0
in standalone mode. My goal is to limit a user's access to one or more
designated cores. My security.json looks like this:

{
  "authentication":{
    "blockUnknown":true,
    "class":"solr.BasicAuthPlugin",
    "credentials":{
      "solr":"...",
      "user1":"...",
      "user2":"..."},
    "realm":"Solr",
    "forwardCredentials":false,
    "":{"v":0}},
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "permissions":[
      {
        "name":"security-edit",
        "role":"admin",
        "index":1},
      {
        "name":"read",
        "collection":"core1",
        "role":"role1",
        "index":2},
      {
        "name":"read",
        "collection":"core2",
        "role":"role2",
        "index":3},
      {
        "name":"all",
        "role":"admin",
        "index":4}],
    "user-role":{
      "solr":"admin",
      "user1":"role1",
      "user2":"role2"},
    "":{"v":0}}}

With this setup, I'm unable to read from any of the cores with either user.
If I "delete-permission":4 both users can read from either core, not just
"their" core.

I have tried custom permissions like this to no avail:
{"name": "access-core1", "collection": "core1", "role": "role1"},
{"name": "access-core2", "collection": "core2", "role": "role2"},
{"name": "all", "role": "admin"}

Is it possible to do this for cores? Or am I out of luck because I'm not
using collections?

Regards

Thomas
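
An added example, not part of the original message: a small check that derives the access matrix this security.json is meant to express and compares it with what each user could actually read. `intended_read` models the poster's stated goal, not Solr's own rule evaluation, and the observation tables are constructed from the two outcomes described above.

```python
import json

# Authorization section from the post, credentials left out.
AUTHZ = json.loads("""
{"permissions": [
   {"name": "security-edit", "role": "admin", "index": 1},
   {"name": "read", "collection": "core1", "role": "role1", "index": 2},
   {"name": "read", "collection": "core2", "role": "role2", "index": 3},
   {"name": "all", "role": "admin", "index": 4}],
 "user-role": {"solr": "admin", "user1": "role1", "user2": "role2"}}
""")

def as_set(value):
    """Roles and collections may be written as one string or as a list."""
    return {value} if isinstance(value, str) else set(value or [])

def intended_read(authz, user, core):
    """True if the policy as written is meant to let `user` read `core`.
    Assumption: this models the intent only, not how Solr matches rules."""
    roles = as_set(authz["user-role"].get(user))
    for perm in authz["permissions"]:
        if perm["name"] not in ("read", "all"):
            continue
        if not roles & as_set(perm.get("role")):
            continue
        scope = as_set(perm.get("collection"))
        if not scope or core in scope:
            return True
    return False

def deviations(authz, observed):
    """observed maps (user, core) -> whether a read actually succeeded."""
    out = []
    for (user, core), could_read in sorted(observed.items()):
        want = intended_read(authz, user, core)
        if could_read and not want:
            out.append((user, core, "over-permissive"))
        elif want and not could_read:
            out.append((user, core, "over-restrictive"))
    return out

# Constructed observations matching the two outcomes described in the post.
PAIRS = [(u, c) for u in ("user1", "user2") for c in ("core1", "core2")]
WITH_PERMISSION_4 = {pair: False for pair in PAIRS}     # nobody can read
WITHOUT_PERMISSION_4 = {pair: True for pair in PAIRS}   # everybody can read

if __name__ == "__main__":
    print(deviations(AUTHZ, WITH_PERMISSION_4))
    print(deviations(AUTHZ, WITHOUT_PERMISSION_4))
```

Filling the observation table from real requests made as each user turns this into a regression check to rerun after every change to security.json.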
