Hi,

After reading the log file more carefully, here is my understanding.

The request

http://2:xxxxxx@localhost:8983/solr/biblio/select?indent=on&q=*:*&wt=json

reports this in the log:

2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio] o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic Mjox context : userPrincipal: [[principal: 2]] type: [READ], collections: [], Path: [/select] path : /select params :q=*:*&indent=on&wt=json

collections is empty, so it looks like "/select" is not collection specific and so it is not possible to define read access by collection.

Can someone confirm?

Regards

Dominique

On Fri, 21 Dec 2018 at 10:46, Dominique Bejean <dominique.bej...@eolya.fr> wrote:

> Hi,
>
> I am trying to configure the security.json file, in order to define the
> following users and permissions:
>
> - user "admin" with all permissions on all collections
> - user "read" with read permissions on all collections
> - user "1" with only read permissions on biblio collection
> - user "2" with only read permissions on personnes collection
>
> Here is my security.json file
>
> {
>   "authentication":{
>     "blockUnknown":true,
>     "class":"solr.BasicAuthPlugin",
>     "credentials":{
>       "admin":"4uwfcjV7bCqOdLF/Qn2wiTyC7zIWN6lyA1Bgp1yqZj0= 7PCh68vhIlZXg1l45kSlvGKowMg1bm/L3eSfgT5dzjs=",
>       "read":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk= gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo=",
>       "1":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk= gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo=",
>       "2":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk= gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo="},
>     "":{"v":0}},
>   "authorization":{
>     "class":"solr.RuleBasedAuthorizationPlugin",
>     "permissions":[
>       {
>         "name":"all",
>         "role":"admin",
>         "index":1},
>       {
>         "name":"read-biblio",
>         "path":"/select",
>         "role":["admin","read","r1"],
>         "collection":"biblio",
>         "index":2},
>       {
>         "name":"read-personnes",
>         "path":"/select",
>         "role":["admin","read","r2"],
>         "collection":"personnes",
>         "index":3},
>       {
>         "name":"read",
>         "collection":"*",
>         "role":["admin","read"],
>         "index":4}],
>     "user-role":{
>       "admin":"admin",
>       "read":"read",
>       "1":"r1",
>       "2":"r2"}
>   }
> }
>
> I have 403 errors for user 1 on biblio and user 2 on personnes while
> using the "/select" requestHandler. However, according to the r1 and r2 roles
> and the permissions order, the access should be allowed.
>
> I have duplicated the TestRuleBasedAuthorizationPlugin.java class in order
> to test these exact same permissions and roles. checkRules reports access
> is allowed !!!
>
> I don't understand where the problem is. Any ideas?
>
> Regards
>
> Dominique
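
A small diagnostic for the situation discussed in this thread, added here as an example and not part of the original messages or of Solr: it parses the HttpSolrCall authorization-context log line and lists the rules that name the requested core as their collection while the logged context does not carry that collection. The function names are hypothetical, the rule set is a trimmed copy of the quoted security.json, and the script only reports a mismatch in the data; it does not reproduce Solr's rule-evaluation algorithm.

```python
import json
import re

# Log line copied from the thread; rules are a trimmed copy of the quoted security.json.
LOG_LINE = ("2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio] "
            "o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic Mjox context : "
            "userPrincipal: [[principal: 2]] type: [READ], collections: [], "
            "Path: [/select] path : /select params :q=*:*&indent=on&wt=json")
AUTHZ = json.loads("""{
 "permissions": [
  {"name": "all", "role": "admin"},
  {"name": "read-biblio", "path": "/select", "role": ["admin", "read", "r1"], "collection": "biblio"},
  {"name": "read-personnes", "path": "/select", "role": ["admin", "read", "r2"], "collection": "personnes"},
  {"name": "read", "collection": "*", "role": ["admin", "read"]}],
 "user-role": {"admin": "admin", "read": "read", "1": "r1", "2": "r2"}}""")

CONTEXT_RE = re.compile(
    r"\bx:(?P<core>[^\]\s]+).*?userPrincipal: \[\[principal: (?P<user>[^\]]+)\]\]"
    r" type: \[(?P<type>\w+)\], collections: \[(?P<collections>[^\]]*)\],"
    r" Path: \[(?P<path>[^\]]+)\]")

def as_list(value):
    """security.json accepts either a single string or a list for role/collection."""
    return value if isinstance(value, list) else [value]

def parse_context(line):
    """Extract core, user, request type, collections and path from one log line."""
    match = CONTEXT_RE.search(line)
    if match is None:
        return None
    ctx = match.groupdict()
    ctx["collections"] = [c.strip() for c in ctx["collections"].split(",") if c.strip()]
    return ctx

def rules_missing_collection(ctx, authz):
    """Rules on the requested path that name the requested core as their collection
    while the logged context does not list it. Each finding carries a flag telling
    whether one of the user's roles appears in that rule."""
    user_roles = set(as_list(authz["user-role"].get(ctx["user"], [])))
    findings = []
    for rule in authz["permissions"]:
        if ctx["core"] not in as_list(rule.get("collection", [])):
            continue
        if rule.get("path") not in (None, ctx["path"]) or ctx["core"] in ctx["collections"]:
            continue
        findings.append((rule["name"], bool(user_roles & set(as_list(rule["role"])))))
    return findings

if __name__ == "__main__":
    context = parse_context(LOG_LINE)
    print(context, rules_missing_collection(context, AUTHZ))
```

A finding flagged True is a rule that lists the user's role but is scoped to a collection the logged context does not carry, which is the case the reply asks about for user 1 on biblio.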