On 3/12/2018 4:07 PM, Terry Steichen wrote:
> I'm using 6.6.0 with security.json active, having the content shown
> below.  I am running standalone mode, have two solr cores defined:
> email1, and email2.  Since the 'blockUnknown' is set to false, everyone
> should have access to any unprotected resource.  As you can see, I have
> three users defined: joe, solr and terry (the latter two having an admin
> role).
> What I expect to happen is for user joe (who is not an admin) to be able
> to access core emails2 without being challenged for his credentials. 
> But, user joe should also be challenged and not allowed to access emails1. 
> But solr appears to ignore the "collections" portion of the permission -
> it denies joe access to both cores. 


>         "blockUnknown": true,

Above you said that blockUnknown was false.  But in the config that
you've included here, I can clearly see it set to true.  Could that be
the issue?

I don't actually know anything about the authentication/authorization
plugin configuration.  But I can spot a discrepancy!

I can see in your original email, where the config got formatted badly,
that it was false.  So which is actually there?


Reply via email to