You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/12/02 18:56:00 UTC
[jira] [Commented] (SOLR-15828) Default permissions created when using bin/solr auth should agree with checks in security UI
[ https://issues.apache.org/jira/browse/SOLR-15828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452562#comment-17452562 ]
ASF subversion and git services commented on SOLR-15828:
--------------------------------------------------------
Commit cfc953b6b906ef742bba57024d327fbde5d564c2 in solr's branch refs/heads/main from Timothy Potter
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=cfc953b ]
SOLR-15828: AuthTool (in SolrCLI) should include the config-read, collection-admin-read, core-admin-read, and all permissions in the initial security.json (#438)
> Default permissions created when using bin/solr auth should agree with checks in security UI
> --------------------------------------------------------------------------------------------
>
> Key: SOLR-15828
> URL: https://issues.apache.org/jira/browse/SOLR-15828
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Timothy Potter
> Assignee: Timothy Potter
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When I enable security using:
> {code}
> bin/solr auth enable -type basicAuth -prompt true -z localhost:2181 -blockUnknown true
> {code}
> Then the security UI reports warnings:
> {code}
> config-read is not protected! In general, if you protect config-edit, you should also protect config-read
> collection-admin-read is not protected! In general, if you protect collection-admin-edit, you should also protect collection-admin-read
> core-admin-read is not protected! In general, if you protect core-admin-edit, you should also protect core-admin-read
> The 'all' permission is not configured! In general, you should assign the 'all' permission to an admin role and list it as the last permission in your config.
> {code}
> Out of the box, the default permissions should not generate warnings.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org