User/group ACLs + Authentication on Solr's API calls
I would like to see Access control list on Solr's API, and most importantly an access separation between dangerous admin API calls, and simple "safe" API calls (/select, /update, etc).
Currently anything with connectivity to Solr/SolrCloud can issue Core and Collection API calls, meaning a rogue app, developer, hacker, yada yada could delete entire cores and collections, unauthenticated to Solr.
I also cannot grant access to specific cores, or specific handlers on that core, meaning any app with access to Solr can hit any core, and potentially any handler on that core.
I would like to be able to...
1) restrict cores to certain users.
2) restrict handlers in a core to certain users.
3) restrict admin-level API calls to certain users.