Hello Mike, Unfortunately rules can only have a collection scope in SolrCloud, not a core scope in standalone Solr.
I asked about core specific rules recently: http://mail-archives.apache.org/mod_mbox/solr-users/202105.mbox/%3ccabewpvezzmf5kkaekoik7o-uvxiqzi43e-j7thsf0p213gy...@mail.gmail.com%3e Thomas Op di 5 okt. 2021 om 08:15 schreef Mike Cochrane < cochra...@landcareresearch.co.nz>: > Hi > > > > I have a basic instance of SOLR (8.10.0) running on Windows. > > > > I’m using the RuleBasedAuthorizationPlugin for authorization and can’t > seem to figure out the configuration to allow me to secure a Core (as > opposed to a Collection). > > > > In the logs I see the following for a basic request (while authenticated > as the nzor_user user) > > > > http://dev-solr-02:8983/solr/config-test/select?indent=true&q.op=OR&q=*%3A* > > > > 2021-10-05 05:20:21.801 DEBUG (qtp320304382-18) [ x:config-test] > o.a.s.s.RuleBasedAuthorizationPluginBase Attempting to authorize request to > [/select] of type: [READ], associated with collections [[]] > > 2021-10-05 05:20:21.801 DEBUG (qtp320304382-18) [ x:config-test] > o.a.s.s.RuleBasedAuthorizationPluginBase Authorizing collection-aware > request, checking perms applicable to all (*) collections > > 2021-10-05 05:20:21.801 TRACE (qtp320304382-18) [ x:config-test] > o.a.s.s.RuleBasedAuthorizationPluginBase Following perms are associated > with collection > > > > The request does not seem to be associated with a collection so it isn’t > resolving to the rule that I have set up for the config-test core. > > > > "authorization":{ > > "class":"solr.RuleBasedAuthorizationPlugin", > > "permissions":[ > > { > > "name":"permission-biota-read", > > "role":["role-biota-read"], > > "collection":["config-test"], > > "path":["*"], > > "params":{}, > > "index":1, > > "method":["GET"]}, > > { > > "name":"security-edit", > > "role":"admin", > > "index":2}, > > { > > "name":"all", > > "role":["admin"], > > "index":3}], > > "user-role":{ > > "solr":"admin", > > "nzor_user":["role-biota-read"]} > > > > I guess after looking at the docs and a bit of Googling everything talks > about collections so I’m wondering on a single (non-cloud) instance can I > restrict access for users to only read a particular core? > > > > Cheers > > Mike > > > > *Mike Cochrane* > > IT SERVICES | INFORMATICS > > Manaaki Whenua – Landcare Research > > www.landcareresearch.co.nz > > > > ------------------------------ > > Please consider the environment before printing this email > Warning: This electronic message together with any attachments is > confidential. If you receive it in error: (i) you must not read, use, > disclose, copy or retain it; (ii) please contact the sender immediately by > reply email and then delete the emails. > The views expressed in this email may not be those of Landcare Research > New Zealand Limited. http://www.landcareresearch.co.nz >
