Jan Høydahl created SOLR-15770:
----------------------------------
Summary: Clarify Authorization documentation
Key: SOLR-15770
URL: https://issues.apache.org/jira/browse/SOLR-15770
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: documentation
Reporter: Jan Høydahl
The docs at
[https://solr.apache.org/guide/8_10/rule-based-authorization-plugin.html#permission-ordering-and-resolution]
is correct, but there is still lots of confusion and even bug reports and
vulnearbility reports based on this.
Ref Guide (and even Security UI) should spell out the following
* Edit permissions do not imply Read permissions. In fact, no permission imply
any other
* You do need an "ALL" permission at the end of your permission chain if you
want explicit control of all endpoints
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
