Paulius Matulionis

Reputation: 23415

Allow SOLR core only for a single user

I can't find any information on how to allow access to a specific SOLR core for just a single user. I am using SOLR7. This is what I've got:

security.json

{
  "authentication": {
    "blockUnknown": true,
    "class": "solr.BasicAuthPlugin",
    "credentials": {
      "test_admin": "xxx",
      "infographics": "xxx",
      "test_user": "xxx"
    },
    "": {
      "v": 0
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {
        "name": "all",
        "role": "admin",
        "index": 1
      },
      {
        "name": "update",
        "role": "general",
        "index": 2
      },
      {
        "name": "read",
        "role": [
          "general",
          "infographics",
          "test_user"
        ],
        "index": 3
      },
      {
        "name": "collection-admin-read",
        "role": "general",
        "index": 4
      },
      {
        "name": "core-admin-read",
        "role": "general",
        "index": 5
      },
      {
        "name": "core-specific-permission",
        "collection": "test-core",
        "role": "test_user",
        "before": 3,
        "index": 6
      }
    ],
    "user-role": {
      "test_admin": [
        "admin",
        "general"
      ],
      "infographics": "infographics",
      "test_user": "test_user"
    },
    "": {
      "v": 0
    }
  }
}

I've added a permission for collection "test-core":

  {
    "name": "core-specific-permission",
    "collection": "test-core",
    "role": "test_user",
    "before": 3,
    "index": 6
  }

I authenticate with test_user when calling /solr/test-core/select?q=*:*. This works fine, but it can also access other cores, e.g. /solr/other-core/select?q=*:*.

If I remove test_user from the read permission:

      {
        "name": "read",
        "role": [
          "general",
          "infographics"
        ],
        "index": 3
      },

then I am not able to query any core; I get a 403. For test_user I'd like to allow access to only this core, /solr/test-core/select?q=*:*, and nothing else. Any idea how I can achieve this?

Upvotes: 1

Views: 762

Answers (0)
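
An added example, not part of the original question and not Solr's own code: a Python check that lists which rules in the posted authorization block name one of a user's roles, and what collection scope each of those rules declares. The embedded JSON is a constructed, trimmed copy of the question's file, grants_for and unscoped_grants are hypothetical helper names, and the script assumes a rule with no "collection" key is not limited to a single collection; it does not model Solr's rule-matching order.

```python
import json

# Constructed sample: the authorization block from the question, trimmed to
# the fields this check reads.
SECURITY_JSON = """
{
  "authorization": {
    "permissions": [
      {"name": "all", "role": "admin"},
      {"name": "update", "role": "general"},
      {"name": "read", "role": ["general", "infographics", "test_user"]},
      {"name": "collection-admin-read", "role": "general"},
      {"name": "core-admin-read", "role": "general"},
      {"name": "core-specific-permission", "collection": "test-core", "role": "test_user"}
    ],
    "user-role": {
      "test_admin": ["admin", "general"],
      "infographics": "infographics",
      "test_user": "test_user"
    }
  }
}
"""

def as_set(value):
    """Roles and collections may be written as a single string or a list."""
    return {value} if isinstance(value, str) else set(value or [])

def grants_for(user, security):
    """Return (permission name, collection scope) for every permission
    whose roles include one of the user's roles, in file order."""
    authz = security["authorization"]
    roles = as_set(authz["user-role"].get(user))
    grants = []
    for perm in authz["permissions"]:
        if roles & as_set(perm.get("role")):
            # Assumption: no "collection" key means the rule is not tied to one collection.
            scope = sorted(as_set(perm.get("collection"))) or ["<all collections>"]
            grants.append((perm["name"], scope))
    return grants

def unscoped_grants(user, security):
    """Permissions that reach the user without naming a collection."""
    return [name for name, scope in grants_for(user, security) if scope == ["<all collections>"]]

if __name__ == "__main__":
    cfg = json.loads(SECURITY_JSON)
    for name, scope in grants_for("test_user", cfg):
        print(f"{name}: {', '.join(scope)}")
```

For test_user this reports the read rule with no collection scope next to the rule tied to test-core, which is the least-privilege gap to look at first.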
