Hi, I hope that this question wasn't answered already, but I couldn't find what I was looking for in the archives.
I'm having a hard time using Solr with the BasicAuth and RoleBasedAuthorization plugins. The auth part works well but I have issues with the RoleBasedAuthorization part. I'd like to have an admin role and a readonly one. I have two users, each having one role. However, both of them can create cores, delete documents, etc.

Here's my security.json:

{
  "authentication": {
    "blockUnknown": true,
    "class": "solr.BasicAuthPlugin",
    "credentials": {
      "adminuser": "adminpwd",
      "readuser": "readpwd"
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      { "name": "read", "role": "readonly" },
      { "name": "security-edit", "role": "admin" }
    ],
    "user-role": {
      "readuser": "readonly",
      "adminuser": "admin"
    }
  }
}

I tried that with Solr 7.7.0 and 8.0.0, in cloud and standalone mode. I can't figure out why the readuser can delete documents.

Any help is appreciated!

Thanks,
Jeremy
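
The RuleBasedAuthorizationPlugin allows any request that matches none of the configured permissions, which is why a rule list containing only `read` and `security-edit` leaves updates and core administration open. The check below is an added example, not part of the original post or of Solr: it lists the predefined write/admin permissions a security.json leaves without a rule. The `audit` and `authorization` helpers and the hardened rule set (admin may do everything, readonly may only read) are assumptions made for illustration.

```python
import json

# Predefined permission names guarding write/admin requests (Solr Reference Guide).
WRITE_PERMS = ("update", "core-admin-edit", "collection-admin-edit",
               "schema-edit", "config-edit", "security-edit")

def audit(security_json):
    """Return findings for a RuleBasedAuthorizationPlugin security.json."""
    authz = json.loads(security_json).get("authorization", {})
    names = [p.get("name") for p in authz.get("permissions", [])]
    findings = []
    if "all" not in names:
        # A request that matches no permission is allowed, so each write
        # permission absent from the list is open to every authenticated user.
        findings += [f"no rule for '{n}'" for n in WRITE_PERMS if n not in names]
        findings.append("no 'all' catch-all rule")
    elif names[-1] != "all":
        findings.append("'all' should be the last rule")
    return findings

def authorization(permissions):
    """Build a security.json string using the post's user-role mapping."""
    return json.dumps({"authorization": {
        "class": "solr.RuleBasedAuthorizationPlugin",
        "permissions": permissions,
        "user-role": {"readuser": "readonly", "adminuser": "admin"}}})

# The permissions exactly as posted.
POSTED = authorization([
    {"name": "read", "role": "readonly"},
    {"name": "security-edit", "role": "admin"}])

# Constructed variant (assumed policy: admin does everything, readonly only reads).
# "read" lists both roles so adminuser can still query.
HARDENED = authorization([
    {"name": "read", "role": ["readonly", "admin"]},
    {"name": "security-edit", "role": "admin"},
    {"name": "update", "role": "admin"},
    {"name": "all", "role": "admin"}])

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("hardened", HARDENED)):
        print(label, audit(cfg))
```
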