[SOLR-15825] Permission "all" should include "security-edit" - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 8.10, 8.11, 8.10.1
Fix Version/s: 9.0, 8.11.1
Component/s: Admin UI, Authorization, Security UI
Labels:
None

Description

With basic authentication and rule-based authorization, a user with permission "all" does not have access to the Security panel in the UI.

Refer to the security.json attached. (credentials: admin/admin)

The UI displays message : "You do not have permission to view the security panel."

Workaround: add permissions "security-edit" and "security-read" to the role (before "all").

According to thelabdude, this is an issue in the UI only:

this is a bug in the security UI only (not the backend),
specifically right here:
https://urldefense.com/v3/__https://github.com/apache/solr/blob/main/solr/webapp/web/js/angular/controllers/security.js*L344__;Iw!!Obbck6kTJA!L1x2jPaH5Hj7OSGuRO9kR5aHJK0h4ekxPfpNGckK9JglMRyaomgDN8ikSeW5f96k$ .

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

security.json
30/Nov/21 22:58
0.5 kB
Isabelle Giguere

Issue Links

links to

GitHub Pull Request #437

GitHub Pull Request #2620

Activity

People

Assignee:: Timothy Potter

Reporter:: Isabelle Giguere

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 30/Nov/21 23:02

Updated:: 16/Dec/21 14:16

Resolved:: 02/Dec/21 16:10

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m