Hi,

It looks like this issue I opened a long time ago.
https://issues.apache.org/jira/browse/SOLR-13097

Regards
Dominique

On Mon, 31 Aug 2020 at 23:02, Thomas Corthals <tho...@klascement.net> wrote:

> Hi,
>
> I'm trying to configure the Rule-Based Authorization Plugin in Solr 8.4.0
> in standalone mode. My goal is to limit a user's access to one or more
> designated cores. My security.json looks like this:
>
> {
>   "authentication":{
>     "blockUnknown":true,
>     "class":"solr.BasicAuthPlugin",
>     "credentials":{
>       "solr":"...",
>       "user1":"...",
>       "user2":"..."},
>     "realm":"Solr",
>     "forwardCredentials":false,
>     "":{"v":0}},
>   "authorization":{
>     "class":"solr.RuleBasedAuthorizationPlugin",
>     "permissions":[
>       {
>         "name":"security-edit",
>         "role":"admin",
>         "index":1},
>       {
>         "name":"read",
>         "collection":"core1",
>         "role":"role1",
>         "index":2},
>       {
>         "name":"read",
>         "collection":"core2",
>         "role":"role2",
>         "index":3},
>       {
>         "name":"all",
>         "role":"admin",
>         "index":4}],
>     "user-role":{
>       "solr":"admin",
>       "user1":"role1",
>       "user2":"role2"},
>     "":{"v":0}}}
>
> With this setup, I'm unable to read from any of the cores with either user.
> If I "delete-permission":4 both users can read from either core, not just
> "their" core.
>
> I have tried custom permissions like this to no avail:
> {"name": "access-core1", "collection": "core1", "role": "role1"},
> {"name": "access-core2", "collection": "core2", "role": "role2"},
> {"name": "all", "role": "admin"}
>
> Is it possible to do this for cores? Or am I out of luck because I'm not
> using collections?
>
> Regards
>
> Thomas