solr中的只读用户未按预期工作

mitkmikd  于 2022-11-05  发布在  Solr
关注(0)|答案(1)|浏览(139)

我想在solr中创建两个用户:一个管理员和一个开发人员。开发人员应该不能编辑solr元数据。这个用户应该不能使用solr.add或solr delete,我希望他只能使用solr.search来编辑我们的元数据solr-core(在python pysolr中)。
但是,用户总是可以使用solr.add和solr.delete,无论我为他设置了什么权限。下面是我的security.json:

{
  "authentication":{
    "blockUnknown":true,
    "class":"solr.BasicAuthPlugin",
    "credentials":{
      "my_admin":"<creds>",
      "my_dev":"<creds>"},
    "forwardCredentials":false,
    "":{"v":0}},
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "user-role":{
      "my_admin":["admin"],
      "my_dev":["dev"]},
    "permissions":[
      {
        "name":"security-edit",
        "role":["admin"],
        "index":1},
      {
        "name":"read",
        "role":["dev"],
        "index":2}],
    "":{"v":0}}
  }

我也尝试了zk-readmetics-readsecurity-readcollection-admin-read而不是read,结果都是一样的。用户my_dev可以使用solr.add和solr. delete。

ve7v8dk2

ve7v8dk21#

所以,感谢@MatsLindh,我得到了它。我改变了security.json如下,现在它的工作如预期!

{
  "authentication":{
    "blockUnknown":true,
    "class":"solr.BasicAuthPlugin",
    "credentials":{
      "my_admin":"<...>",
      "my_dev":"<...>",
      "my_user":"<...>"},
    "forwardCredentials":false,
    "":{"v":0}},
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "user-role":{
      "my_admin":["admin"],
      "my_dev":["dev"],
      "my_user":["user"]},
    "permissions":[
        { "name":"update", "role":["admin", "dev"] },
        { "name":"read", "role":["admin", "dev", "user"] },
        { "name":"security-edit", "role":["admin"] },
        { "name":"all", "role":["admin"] }
    ]
  }
}

相关问题