From what I remember, you can set a custom permission for a specific user to be able to delete a collection, or not allow anyone to delete a specific collection.
Check out the “user defined permissions” section here: https://lucidworks.com/2015/08/17/securing-solr-basic-auth-permission-rules/ <https://lucidworks.com/2015/08/17/securing-solr-basic-auth-permission-rules/> -Anshum > On Dec 13, 2017, at 7:20 AM, Shawn Heisey <apa...@elyograg.org> wrote: > > On 12/12/2017 1:23 PM, Anshum Gupta wrote: >> You might want to explore Rule based authorization in Solr and stop >> non-admin users from deleting collections etc. Here’s the link to the >> documentation: >> https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html > > Because I've never used the authentication plugins, I have to ask: What > kind of granularity does this offer? Can it protect individual > collections from being deleted, while allowing others to be deleted? > When I read the documentation, I see something saying that the > permission affects ALL collections, so I suspect that kind of > granularity is not possible. > > If authorization can be extended to allow per-collection permissions, > that is one way to handle the use case, if the admin is already using > authentication on their Solr instances. I don't use authentication, and > it would be quite painful for my ecosystem if I were to turn it on, so I > would want to have something else available to protect collections from > API actions. > > Thanks, > Shawn >
signature.asc
Description: Message signed with OpenPGP
