Hello, I have a few questions about the Solr API and Basic Authorization permissions.

I can't post the security.json for now as my environment is air-gapped, but my configuration is the following:

I am using Solr 9.7 - SolrCloud
Basic Authorization ON
Basic Authentication ON

I have 2 users:
- user1
- admin

I defined the following roles:
- user1: user-manage user-update user-read
- admin: admin

And the permissions:
- security-edit: admin
- security-read: admin
- schema-edit: admin
- schema-read: user-manage
- config-edit: user-manage
- config-read: user-manage
- metrics-read: null
- health: null
- core-admin-edit: admin
- core-admin-read: user-manage
- collection-admin-edit: user-manage
- collection-admin-read: user-manage
- update: user-update
- read: user-read
- *all: admin*

And block_unknown = false

---

What I observe is the following behaviour:

*With API V1 for user1, everything works fine*:
- create/list/delete collections
- index/search (select)
- configsets upload/list
- authorization & authentication endpoints are correctly refused (403), according to the security-* rules

*With API V2, some actions fail with 403*
- can't create/list/delete collections (api/collections: 403)
- can't search (api/c/mycollec/select: 403)
- can't list configsets (/api/cluster/configs: 403)

If I set the permission *all: user-manage*, then API V2 has the same behaviour as API V1 with *user1*.

I tried to give specific custom permissions to role *user-manage* in order to fix those API V2 403s:
- with path /select, I could allow user1 to search with V2
- couldn't find a path to allow collections list/delete/create on V2 (I tried /api/collections, /collections, /api/collections/*)

*This raises some questions for me:*
1. Do permissions work the same for V2 as for V1?
2. How do they work with API V2? Is there any documentation specifically about permissions on V2?

Sorry if it is not very clear, thank you :)

Kzs
