The Admin UI fetches user's list of roles and permissions from the /admin/info/system API, and use it to enable/disable various parts of the UI.
The lists are assembed by SystemInfoHandler, and work well for permissions assigned to one or more roles. However, Solr's security system also has two special type of roles that can be assigned to permissions:
- null role: Means that no authentication is needed at all (if blockUnknown=false)
- * role: Wildcard role meaning a user with any role, i.e. any authenticated user, will have the permission
This is handled correctly by the backend, but the list of permissions returned by /admin/info/system lacks these permissions.