You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Michael Long <ml...@bizjournals.com> on 2012/11/12 18:41:50 UTC
Admin Permissions
I really like the new admin in solr 4.0, but specifically I don't want
developers to be able to unload, rename, swap, reload, optimize, or add
core.
Any ideas on how I could still give access to the rest of the admin
without giving access to these? It is very helpful for them to have
access to the Query, Analysis, etc.
Re: Admin Permissions
Posted by Juan Carlos Serrano <jc...@gmail.com>.
Basic http authentication can use to filter the accesses to different
urlas you want, so you can allow access
to the Query, Analysis, etc and Admin ban
2012/11/13 Erick Erickson <er...@gmail.com>
> Slap them firmly on the wrist if they do?
>
> The Solr admin is really designed with trusted users in mind. There are no
> provisions that I know of for securing some of the functions.
>
> Your developers have access to the Solr server through the browser, right?
> They can do all of that via URL, see:
> http://wiki.apache.org/solr/CoreAdmin,
> they don't need to use the admin server at all.
>
> So unless you're willing to put a lot of effort into it, I don't think you
> really can lock it down. If you really don't trust them to not do bad
> things, set up a dev environment and lock them out of your production
> servers totally?
>
> Best
> Erick
>
>
> On Mon, Nov 12, 2012 at 12:41 PM, Michael Long <mlong@bizjournals.com
> >wrote:
>
> > I really like the new admin in solr 4.0, but specifically I don't want
> > developers to be able to unload, rename, swap, reload, optimize, or add
> > core.
> >
> > Any ideas on how I could still give access to the rest of the admin
> > without giving access to these? It is very helpful for them to have
> access
> > to the Query, Analysis, etc.
> >
>
Re: Admin Permissions
Posted by Michael Long <ml...@bizjournals.com>.
I figured out you can disable the core admin in solr.xml, but then it
breaks the admin as apparently it relies on that.
I tried tomcat security but haven't been able to make it work
I think as this point I may just write a query/debugging app that the
developers could use
On 11/13/2012 07:12 AM, Erick Erickson wrote:
> Slap them firmly on the wrist if they do?
>
> The Solr admin is really designed with trusted users in mind. There are no
> provisions that I know of for securing some of the functions.
>
> Your developers have access to the Solr server through the browser, right?
> They can do all of that via URL, see: http://wiki.apache.org/solr/CoreAdmin,
> they don't need to use the admin server at all.
>
> So unless you're willing to put a lot of effort into it, I don't think you
> really can lock it down. If you really don't trust them to not do bad
> things, set up a dev environment and lock them out of your production
> servers totally?
>
> Best
> Erick
>
>
> On Mon, Nov 12, 2012 at 12:41 PM, Michael Long <ml...@bizjournals.com>wrote:
>
>> I really like the new admin in solr 4.0, but specifically I don't want
>> developers to be able to unload, rename, swap, reload, optimize, or add
>> core.
>>
>> Any ideas on how I could still give access to the rest of the admin
>> without giving access to these? It is very helpful for them to have access
>> to the Query, Analysis, etc.
>>
Re: Admin Permissions
Posted by Erick Erickson <er...@gmail.com>.
Slap them firmly on the wrist if they do?
The Solr admin is really designed with trusted users in mind. There are no
provisions that I know of for securing some of the functions.
Your developers have access to the Solr server through the browser, right?
They can do all of that via URL, see: http://wiki.apache.org/solr/CoreAdmin,
they don't need to use the admin server at all.
So unless you're willing to put a lot of effort into it, I don't think you
really can lock it down. If you really don't trust them to not do bad
things, set up a dev environment and lock them out of your production
servers totally?
Best
Erick
On Mon, Nov 12, 2012 at 12:41 PM, Michael Long <ml...@bizjournals.com>wrote:
> I really like the new admin in solr 4.0, but specifically I don't want
> developers to be able to unload, rename, swap, reload, optimize, or add
> core.
>
> Any ideas on how I could still give access to the rest of the admin
> without giving access to these? It is very helpful for them to have access
> to the Query, Analysis, etc.
>