[jira] [Commented] (SOLR-15771) bin/solr auth enable should model best practices for security.json

Tue, 12 Sep 2023 11:45:32 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-15771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17764333#comment-17764333
 ] 

ASF subversion and git services commented on SOLR-15771:
--------------------------------------------------------

Commit b163a0e50469dbb6357cef8506fba760710ef16b in solr's branch 
refs/heads/main from Eric Pugh
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=b163a0e5046 ]

SOLR-15771: bin/solr auth enable should model best practices for security.json 
(#1851)

Introduce a security.json that defines four roles: `search`, `index`, `admin` 
and `superadmin`, and assigns the `superadmin` to the user created by running 
bin/solr auth.

> bin/solr auth enable should model best practices for security.json
> ------------------------------------------------------------------
>
>                 Key: SOLR-15771
>                 URL: https://issues.apache.org/jira/browse/SOLR-15771
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication, SolrCLI
>            Reporter: Eric Pugh
>            Assignee: Eric Pugh
>            Priority: Minor
>          Time Spent: 5h 10m
>  Remaining Estimate: 0h
>
> During discussion of SOLR-15770, the idea came up that the {{bin/solr auth 
> enable}} command should model a best practices setup of {{security.json}}, 
> with the idea that it's sometimes easier to show versus tell people how to 
> setup security.
>  
>  My wish for that default security.json
>  * Add three users {{user}} , {{admin}} and {{superadmin}}
>  * Add three roles with the same names
>  * Map *every* permission in the system to one or more of those roles
>  * End the chain with an {{all}} permission connected to the {{superadmin}} 
> role
> Bonus points would be to have the {{security.json}} be a template file read 
> in by {{AuthTool}} instead of a hard to edit/understand String generated in 
> Java. Then we could also reference this file in the Ref Guide (the way we do 
> with some SolrJ chunks of code) and provide more detailed explanation of 
> thinking in the Ref Guide.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to