Hello, I am trying to configure Solr authentication using Basic Authentication and Role Based Authorization. I've been facing issues configuring the authorization part, while the authentication part works fine. My goal is to define three groups, containing one user each. One user (chatbot) should have read permission on all collections and should be able to write on only one collection. Another user should have read permissions on all the collections and write permissions on all the collections but one, which is the one the other user is allowed to write on. Then there is a user (superadmin) that should be able to do everything.
I am using Solr 8, in standalone mode. I tried to write the following security.json file, but every request made by the chatbot and console users gets rejected, and the log points out that superadmin is the only group allowed to perform the request. If I delete the "all" rule, everything works as expected, but then I cannot have a privileged user. This, in my opinion, does not seem consistent with what the reference guide says about permission priority (https://solr.apache.org/guide/8_8/rule-based-authorization-plugin.html). I did a lot of research before posting here but didn't find any solution, so I would appreciate any help sorting it out.

```json
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "credentials": {
      "superadmin-user": "...",
      "chatbot-user": "...",
      "console-user": "..."
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "user-role": {
      "chatbot-user": "chatbot",
      "console-user": "console",
      "superadmin-user": "superadmin"
    },
    "permissions": [
      {"collection": ["col1", "col2", "col3", "col4", "col5"], "role": ["chatbot", "console"], "path": "/select"},
      {"collection": "col5", "role": "chatbot", "path": "/update"},
      {"collection": ["col1", "col2", "col3", "col4"], "role": "console", "path": "/update"},
      {"name": "all", "role": "superadmin"}
    ]
  }
}
```

Luca
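The following is an added example, not part of Luca's post and not Solr's own code. It models the ordering rule the linked reference guide describes for the RuleBasedAuthorizationPlugin (permissions are evaluated in the order listed, the first one whose collection and path match the request decides, the request is allowed only if the user holds one of that permission's roles, and a request that matches no permission is allowed) and applies it to a constructed copy of the security.json above. The model is deliberately simplified: it ignores `method` and `params` matching and the predefined permission names other than "all", and the base URL and password placeholder in the generated curl probes are assumptions. It is useful for two checks a practitioner wants before blaming the plugin: which rule the model expects to decide each request (note that under strict first-match evaluation the superadmin role is excluded from `/update` on col1-col4 by the more specific console rule unless it is listed there too), and whether moving a catch-all such as "all" earlier shadows every later rule.

```python
import copy
import json
import shlex

# Constructed copy of the security.json from the post; credential hashes are elided.
SECURITY_JSON = """
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "credentials": {"superadmin-user": "...", "chatbot-user": "...", "console-user": "..."}
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "user-role": {"chatbot-user": "chatbot", "console-user": "console", "superadmin-user": "superadmin"},
    "permissions": [
      {"collection": ["col1", "col2", "col3", "col4", "col5"], "role": ["chatbot", "console"], "path": "/select"},
      {"collection": "col5", "role": "chatbot", "path": "/update"},
      {"collection": ["col1", "col2", "col3", "col4"], "role": "console", "path": "/update"},
      {"name": "all", "role": "superadmin"}
    ]
  }
}
"""
CONFIG = json.loads(SECURITY_JSON)


def _as_list(value):
    """security.json accepts a bare string wherever a list of strings is allowed."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def permission_matches(perm, collection, path):
    """Simplified match: the predefined "all" permission matches every request;
    otherwise the collection must be listed (or "*"/absent) and the path listed (or absent)."""
    if perm.get("name") == "all":
        return True
    collections = _as_list(perm.get("collection", "*"))
    paths = _as_list(perm.get("path"))
    return ("*" in collections or collection in collections) and (not paths or path in paths)


def authorize(config, user, collection, path):
    """First-match model: returns (decision, index of the deciding permission).
    A request matching no permission is allowed (index None), which is why a
    trailing catch-all rule is needed to lock everything else down."""
    authz = config["authorization"]
    user_roles = set(_as_list(authz["user-role"].get(user)))
    for index, perm in enumerate(authz["permissions"]):
        if permission_matches(perm, collection, path):
            allowed = bool(user_roles & set(_as_list(perm.get("role"))))
            return ("allow" if allowed else "deny"), index
    return "allow", None


def shadowed_permissions(config):
    """Indexes of permissions that can never be the first match, probing every
    collection and path named in the config plus one unnamed collection and path."""
    perms = config["authorization"]["permissions"]
    collections = {c for p in perms for c in _as_list(p.get("collection")) if c != "*"} | {"other-collection"}
    paths = {pa for p in perms for pa in _as_list(p.get("path"))} | {"/other-handler"}
    reachable = set()
    for collection in sorted(collections):
        for path in sorted(paths):
            for index, perm in enumerate(perms):
                if permission_matches(perm, collection, path):
                    reachable.add(index)
                    break
    return [i for i in range(len(perms)) if i not in reachable]


def move_permission_first(config, index):
    """Copy of the config with permission `index` moved to the front (for what-if checks)."""
    new_config = copy.deepcopy(config)
    perms = new_config["authorization"]["permissions"]
    perms.insert(0, perms.pop(index))
    return new_config


def grant_role_everywhere(config, role):
    """Copy of the config with `role` added to every permission, so a privileged
    role is never excluded by an earlier, more specific rule under first-match evaluation."""
    new_config = copy.deepcopy(config)
    for perm in new_config["authorization"]["permissions"]:
        roles = _as_list(perm.get("role"))
        if role not in roles:
            roles.append(role)
        perm["role"] = roles
    return new_config


def curl_matrix(config, collections, paths, base_url="http://localhost:8983/solr"):
    """One curl probe per (user, collection, path), annotated with the model's expectation,
    for comparing the model against a live Solr. base_url and PASSWORD are assumptions."""
    lines = []
    for user in config["authorization"]["user-role"]:
        for collection in collections:
            for path in paths:
                decision, index = authorize(config, user, collection, path)
                rule = "no rule" if index is None else f"rule {index}"
                url = f"{base_url}/{collection}{path}"
                lines.append(f"curl -s -o /dev/null -w '%{{http_code}}' -u {shlex.quote(user)}:PASSWORD "
                             f"{shlex.quote(url)}  # model: {decision} via {rule}")
    return lines


if __name__ == "__main__":
    print("shadowed rules as posted:", shadowed_permissions(CONFIG))
    print("shadowed rules with 'all' first:", shadowed_permissions(move_permission_first(CONFIG, 3)))
    for line in curl_matrix(CONFIG, ["col1", "col5"], ["/select", "/update"]):
        print(line)
```

Run the script and compare the HTTP status of each generated probe (200 vs 403) with the model's annotation; any row where a live Solr differs from the model is the place to look, since it means the real evaluation order is not the simple first-match one the model encodes.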