You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "David Eric Pugh (Jira)" <ji...@apache.org> on 2021/11/05 10:07:00 UTC
[jira] [Created] (SOLR-15771) bin/solr auth enable should model
best practices for security.json
David Eric Pugh created SOLR-15771:
--------------------------------------
Summary: bin/solr auth enable should model best practices for security.json
Key: SOLR-15771
URL: https://issues.apache.org/jira/browse/SOLR-15771
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: cli, Authentication
Reporter: David Eric Pugh
Assignee: David Eric Pugh
During discussion of SOLR-15770, the idea came up that the {{bin/solr auth enable}} command should model a best practices setup of {{security.json}}, with the idea that it's sometimes easier to show versus tell people how to setup security.
My wish for that default security.json * Add three users {{user}} , {{admin}} and {{superadmin}}
* Add three roles with the same names
* Map *every* permission in the system to one or more of those roles
* End the chain with an {{all}}permission connected to the superadmin role
Bonus points would be to have the {{security.json}} be a template file read in by {{AuthTool}} instead of a hard to edit/understand String generated in Java. Then we could also reference this file in the Ref Guide (the way we do with some SolrJ chunks of code) and provide more detailed explanation of thinking in the Ref Guide.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org