You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2023/02/15 14:22:00 UTC
[jira] [Resolved] (SOLR-16658) List of permissions returned to Admin UI is not complete
[ https://issues.apache.org/jira/browse/SOLR-16658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl resolved SOLR-16658.
--------------------------------
Fix Version/s: 9.2
Resolution: Fixed
> List of permissions returned to Admin UI is not complete
> --------------------------------------------------------
>
> Key: SOLR-16658
> URL: https://issues.apache.org/jira/browse/SOLR-16658
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Admin UI, security
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Fix For: 9.2
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The Admin UI fetches user's list of roles and permissions from the {{/admin/info/system}} API, and use it to enable/disable various parts of the UI.
> The lists are assembed by {{SystemInfoHandler}}, and work well for permissions assigned to one or more roles. However, Solr's security system also has two special type of roles that can be assigned to permissions:
> * {{null}} role: Means that no authentication is needed at all (if blockUnknown=false)
> * {{\*}} role: Wildcard role meaning a user with any role, i.e. any authenticated user, will have the permission
> This is handled correctly by the backend, but the list of permissions returned by {{/admin/info/system}} lacks these permissions.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org