I can't say I followed your entire example, but I think you're running
into a couple of issues:
1) Users don't get any roles by default. So, when you initial setup
includes this:
{
"name": "all",
"role": "all"
}
but nobody has the "all" role, it doesn't surprise me that it rejected
your request.
2) Roles are not hierarchical. Again looking at your initial configuration
file, giving the "solr" user the "admin" role only gives it access to the
security-edit functionality. It won't have access to anything else. Even
though "admin" might imply access to everything or all roles, it doesn't
actually mean anything. It is just a name. The applies to the "all" role
as well.
3) Rules are checked in order, and the first matching rule is utilized. In
that first example again, the "all" rule is going to match any request, so
basically it is like the rules underneath it don't exist. Solr will never
even consider them, as a request would match the "all" rule first. You
need to order rules where you put the most specific rules first and the
most general ones last.
- Brian Vanecek
**
This email and any attachments may contain information that is confidential
and/or privileged for the sole use of the intended recipient. Any use, review,
disclosure, copying, distribution or reliance by others, and any forwarding of
this email or its contents, without the express permission of the sender is
strictly prohibited by law. If you are not the intended recipient, please
contact the sender immediately, delete the e-mail and destroy all copies.
**
