janhoy commented on PR #1851:
URL: https://github.com/apache/solr/pull/1851#issuecomment-1688564766

   I compiled my suggested changes as a PR to your branch: 
https://github.com/epugh/solr/pull/5 with these changes:
   
   * Renames role `user` as `search`
   * Adds role `index` which can do `/update`
   * Require role `superadmin` for `security-edit`
   * Set `blockUnknown: false`
   * Open up `/solr/admin/info/health`, `/api/node/health`, 
`/solr/admin/metrics` to the world
   * User `search` can only search (and do clusterstatus), user `index` can do 
update and search, user `admin` can do all admin commands, update and search, 
and user `superadmin` has all roles.
   * Changed password for each user to same as username (ideally we'd generate 
passwords and print them on the CLI)
   * Removed unnecessary "index" json keys from sample
   
   See screenshot for how it looks in security screen - no warnings there. 
   <img width="1087" alt="securityjson-screenshot" src="https://github.com/apache/solr/assets/409128/d7d18760-730e-4426-ad56-1adae7a83d9c">
   
   Worth noting that the `search` and `index` users now lack permissions that 
would be required to use the Admin UI (config-read, collection-admin-read etc), 
so the UI is useless for users other than `admin`. Perhaps we should change 
that and let both `search` and `index` users get access to **read** those 
configs so they can use the Admin UI?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
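
An added example, not part of the comment above or of the PR: a Python audit of a `security.json` laid out as the comment describes, reporting username-as-password credentials, permissions reachable without login, and users lacking the Admin UI read permissions. The sample file, salt and `health` permission name are constructed; the hash layout is assumed to be Solr's `base64(sha256(sha256(salt+password))) base64(salt)`, and role matching is simplified (Solr applies the first matching permission).

```python
import base64
import hashlib

ADMIN_UI_PERMS = {"config-read", "collection-admin-read"}  # named in the comment

def solr_hash(password, salt):
    # Assumed BasicAuthPlugin storage scheme:
    # base64(sha256(sha256(salt + password))) + " " + base64(salt)
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    outer = hashlib.sha256(inner).digest()
    return base64.b64encode(outer).decode() + " " + base64.b64encode(salt).decode()

def as_roles(value):
    # A role is a string or a list; null/None (no login needed) maps to the empty set.
    return set() if value is None else {value} if isinstance(value, str) else set(value)

def audit(security):
    authn, authz = security["authentication"], security["authorization"]
    perms = authz.get("permissions", [])
    report = {
        "block_unknown": bool(authn.get("blockUnknown", False)),
        # Permissions whose role is explicitly null are reachable anonymously.
        "anonymous": [p["name"] for p in perms if "role" in p and p["role"] is None],
        "password_equals_username": [],
        "no_admin_ui": [],
    }
    for user, stored in authn.get("credentials", {}).items():
        salt = base64.b64decode(stored.split()[1])
        if solr_hash(user, salt) == stored:  # the password is the username itself
            report["password_equals_username"].append(user)
        roles = as_roles(authz.get("user-role", {}).get(user))
        granted = {p["name"] for p in perms if roles & as_roles(p.get("role"))}
        if not ADMIN_UI_PERMS <= granted:
            report["no_admin_ui"].append(user)
    return report

# Constructed sample mirroring the roles listed in the comment; not the PR's file.
SALT = b"constructed-salt"
USERS = {"search": ["search"], "index": ["search", "index"],
         "admin": ["search", "index", "admin"],
         "superadmin": ["search", "index", "admin", "superadmin"]}
SAMPLE = {
    "authentication": {"blockUnknown": False,
                       "credentials": {u: solr_hash(u, SALT) for u in USERS}},
    "authorization": {"user-role": USERS, "permissions": [
        {"name": "health", "path": "/admin/info/health", "role": None},
        {"name": "read", "role": "search"}, {"name": "update", "role": "index"},
        {"name": "config-read", "role": "admin"},
        {"name": "collection-admin-read", "role": "admin"},
        {"name": "security-edit", "role": "superadmin"}]},
}
```

Calling `audit(SAMPLE)` returns the report as a dict; run it against a parsed copy of a deployed `security.json` to see whether the sample passwords were ever rotated.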

