Posted to commits@lucene.apache.org by ho...@apache.org on 2023/02/20 02:46:37 UTC

[lucene-solr] branch branch_8_11 updated: SOLR-16671: Explicitly call out library permissions for config-edit

This is an automated email from the ASF dual-hosted git repository.

houston pushed a commit to branch branch_8_11
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git


The following commit(s) were added to refs/heads/branch_8_11 by this push:
     new c9fa21d3bda SOLR-16671: Explicitly call out library permissions for config-edit
c9fa21d3bda is described below

commit c9fa21d3bda2ce36740655c928c8a2fc3b3458b6
Author: Houston Putman <ho...@apache.org>
AuthorDate: Sun Feb 19 21:46:28 2023 -0500

    SOLR-16671: Explicitly call out library permissions for config-edit
---
 solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc b/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc
index 6546e1c41f0..b212ee2b9fe 100644
--- a/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc
+++ b/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc
@@ -242,7 +242,7 @@ The predefined permission names (and their effects) are:
 * *security-read*: this permission is allowed to read the security configuration, meaning any action that reads `security.json` settings through the APIs will be allowed.
 * *schema-edit*: this permission is allowed to edit a collection's schema using the <<schema-api.adoc#,Schema API>>. Note that this allows schema edit permissions for _all_ collections. If edit permissions should only be applied to specific collections, a custom permission would need to be created.
 * *schema-read*: this permission is allowed to read a collection's schema using the <<schema-api.adoc#,Schema API>>. Note that this allows schema read permissions for _all_ collections. If read permissions should only be applied to specific collections, a custom permission would need to be created.
-* *config-edit*: this permission is allowed to edit a collection's configuration using the <<config-api.adoc#,Config API>>, the <<request-parameters-api.adoc#,Request Parameters API>>, and other APIs which modify `configoverlay.json`. Note that this allows configuration edit permissions for _all_ collections. If edit permissions should only be applied to specific collections, a custom permission would need to be created.
+* *config-edit*: this permission is allowed to edit a collection's configuration using the <<config-api.adoc#,Config API>>, the <<request-parameters-api.adoc#,Request Parameters API>>, and other APIs which modify `configoverlay.json`. Because configs can add libraries/custom code from various locations, loading any new code via a trusted SolrConfig is explicitly allowed for users with this permission. Note that this allows configuration edit permissions for _all_ collections. If edit per [...]
 * *config-read*: this permission is allowed to read a collection's configuration using the <<config-api.adoc#,Config API>>, the <<request-parameters-api.adoc#,Request Parameters API>>, <<configsets-api.adoc#configsets-list,Configsets API>>, the Admin UI's <<files-screen.adoc#,Files Screen>>, and other APIs accessing configuration. Note that this allows configuration read permissions for _all_ collections. If read permissions should only be applied to specific collections, a custom permis [...]
 * *metrics-read*: this permission allows access to Solr's <<metrics-reporting.adoc#metrics-api,Metrics API>>
 * *metrics-history-read*: this permission allows access to Solr's <<metrics-history.adoc#metrics-history-api,Metrics History API>>, which provides long-term history for a select set of key Solr metrics.
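Review bot: In the sentence added to the *config-edit* bullet, "a trusted SolrConfig" is used without a definition or cross-reference, so a reader cannot tell from this entry what makes a config trusted. Consider linking the term to the page that defines it, the way the same bullet already links the Config API and the Request Parameters API. The sentence is also framed as an allowance ("explicitly allowed for users with this permission"), while for an administrator it works as a warning: granting config-edit also grants the ability to load libraries/custom code, and the sentence that follows says the permission covers _all_ collections. Stating that directly would help, for example that config-edit should be given only to users who are trusted to add code, and whether the collection-scoped custom permission mentioned at the end of the bullet also limits the code-loading allowance.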