[solr] branch branch_9_0 updated: SOLR-16671: Explicitly call out library permissions for config-edit (#1370)

Sun, 19 Feb 2023 17:34:41 -0800 

This is an automated email from the ASF dual-hosted git repository.

houston pushed a commit to branch branch_9_0
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9_0 by this push:
     new 53e52a7a74b SOLR-16671: Explicitly call out library permissions for 
config-edit (#1370)
53e52a7a74b is described below

commit 53e52a7a74bb9fb8093b41b0616142355fa271db
Author: Houston Putman <[email protected]>
AuthorDate: Sun Feb 19 17:23:53 2023 -0800

    SOLR-16671: Explicitly call out library permissions for config-edit (#1370)
    
    (cherry picked from commit d6b8f300711a59230531c855809debb745eb72a8)
---
 .../modules/deployment-guide/pages/rule-based-authorization-plugin.adoc  | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/solr/solr-ref-guide/modules/deployment-guide/pages/rule-based-authorization-plugin.adoc
 
b/solr/solr-ref-guide/modules/deployment-guide/pages/rule-based-authorization-plugin.adoc
index 7e99462bc96..2d4c528c20e 100644
--- 
a/solr/solr-ref-guide/modules/deployment-guide/pages/rule-based-authorization-plugin.adoc
+++ 
b/solr/solr-ref-guide/modules/deployment-guide/pages/rule-based-authorization-plugin.adoc
@@ -401,6 +401,7 @@ If edit permissions should only be applied to specific 
collections, a custom per
 Note that this allows schema read permissions for _all_ collections.
 If read permissions should only be applied to specific collections, a custom 
permission would need to be created.
 * *config-edit*: this permission is allowed to edit a collection's 
configuration using the xref:configuration-guide:config-api.adoc[], the 
xref:configuration-guide:request-parameters-api.adoc[], and other APIs which 
modify `configoverlay.json`.
+Because configs 
xref:configuration-guide:libs.adoc#lib-directives-in-solrconfig[can add 
libraries/custom code] from various locations, loading any new code via a 
trusted SolrConfig is explicitly allowed for users with this permission.
 Note that this allows configuration edit permissions for _all_ collections.
 If edit permissions should only be applied to specific collections, a custom 
permission would need to be created.
 * *config-read*: this permission is allowed to read a collection's 
configuration using the xref:configuration-guide:config-api.adoc[], the 
xref:configuration-guide:request-parameters-api.adoc[], 
xref:configuration-guide:configsets-api.adoc#configsets-list[Configsets API], 
the Admin UI's 
xref:configuration-guide:configuration-files.adoc#files-screen[Files Screen], 
and other APIs accessing configuration.

Reply via email to