Basic http authentication can use to filter the accesses to different urlas you want, so you can allow access to the Query, Analysis, etc and Admin ban
2012/11/13 Erick Erickson <erickerick...@gmail.com> > Slap them firmly on the wrist if they do? > > The Solr admin is really designed with trusted users in mind. There are no > provisions that I know of for securing some of the functions. > > Your developers have access to the Solr server through the browser, right? > They can do all of that via URL, see: > http://wiki.apache.org/solr/CoreAdmin, > they don't need to use the admin server at all. > > So unless you're willing to put a lot of effort into it, I don't think you > really can lock it down. If you really don't trust them to not do bad > things, set up a dev environment and lock them out of your production > servers totally? > > Best > Erick > > > On Mon, Nov 12, 2012 at 12:41 PM, Michael Long <ml...@bizjournals.com > >wrote: > > > I really like the new admin in solr 4.0, but specifically I don't want > > developers to be able to unload, rename, swap, reload, optimize, or add > > core. > > > > Any ideas on how I could still give access to the rest of the admin > > without giving access to these? It is very helpful for them to have > access > > to the Query, Analysis, etc. > > >
