You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Timothy Potter (Jira)" <ji...@apache.org> on 2021/12/02 18:04:00 UTC

[jira] [Created] (SOLR-15828) Default permissions created when using bin/solr auth should agree with checks in security UI

Timothy Potter created SOLR-15828:
-------------------------------------

             Summary: Default permissions created when using bin/solr auth should agree with checks in security UI
                 Key: SOLR-15828
                 URL: https://issues.apache.org/jira/browse/SOLR-15828
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Timothy Potter
            Assignee: Timothy Potter


When I enable security using:
{code}
bin/solr auth enable -type basicAuth -prompt true -z localhost:2181 -blockUnknown true
{code}
Then the security UI reports warnings:
{code}

 config-read is not protected! In general, if you protect config-edit, you should also protect config-read

 collection-admin-read is not protected! In general, if you protect collection-admin-edit, you should also protect collection-admin-read

 core-admin-read is not protected! In general, if you protect core-admin-edit, you should also protect core-admin-read

 The 'all' permission is not configured! In general, you should assign the 'all' permission to an admin role and list it as the last permission in your config.
{code}
Out of the box, the default permissions should not generate warnings.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org