  1. Solr
  2. SOLR-15770

Clarify Authorization documentation

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • documentation
    • None

    Description

      The docs at https://solr.apache.org/guide/8_10/rule-based-authorization-plugin.html#permission-ordering-and-resolution are correct, but there is still lots of confusion and even bug reports and vulnerability reports based on this.

      Ref Guide (and even Security UI) should spell out the following

      • Edit permissions do not imply Read permissions. In fact, no permission implies any other
      • You do need an "ALL" permission at the end of your permission chain if you want explicit control of all endpoints
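
      A small lint check for the two points above, added here as an illustration (not part of the issue or of Solr's own code). The two security.json fragments are constructed samples, `lint_permissions` is a hypothetical helper name, and the check assumes the predefined `*-edit` / `*-read` permission naming and the predefined `all` permission.

```python
import json

# Constructed security.json fragments (sample input, not taken from the issue).
WEAK = """{"authorization": {
  "class": "solr.RuleBasedAuthorizationPlugin",
  "permissions": [
    {"name": "security-edit", "role": "admin"},
    {"name": "schema-edit", "role": ["admin", "dev"]},
    {"name": "schema-read", "role": "*"}
  ],
  "user-role": {"alice": "admin", "bob": "dev"}}}"""

CORRECTED = """{"authorization": {
  "class": "solr.RuleBasedAuthorizationPlugin",
  "permissions": [
    {"name": "security-edit", "role": "admin"},
    {"name": "security-read", "role": "admin"},
    {"name": "schema-edit", "role": ["admin", "dev"]},
    {"name": "schema-read", "role": "*"},
    {"name": "all", "role": "admin"}
  ],
  "user-role": {"alice": "admin", "bob": "dev"}}}"""


def lint_permissions(security_json):
    """Return a list of findings for the two pitfalls named in the issue."""
    auth = json.loads(security_json).get("authorization", {})
    names = [p.get("name") for p in auth.get("permissions", [])]
    findings = []
    # Pitfall 1: an *-edit rule grants nothing for the matching *-read requests.
    for name in names:
        if isinstance(name, str) and name.endswith("-edit"):
            read = name[: -len("-edit")] + "-read"
            if read not in names:
                findings.append(f"{name} is defined but {read} is not")
    # Pitfall 2: the chain should end with an explicit "all" rule.
    if "all" not in names:
        findings.append("no 'all' permission in the chain")
    elif names[-1] != "all":
        findings.append("'all' is not the last permission")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("corrected", CORRECTED)):
        print(label, lint_permissions(doc))
```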

            People

              Unassigned Unassigned
              janhoy Jan Høydahl