I suggest Solr ...

User/group ACLs + Authentication on Solr's API calls

I would like to see Access control list on Solr's API, and most importantly an access separation between dangerous admin API calls, and simple "safe" API calls (/select, /update, etc).

Currently anything with connectivity to Solr/SolrCloud can issue Core and Collection API calls, meaning a rogue app, developer, hacker, yada yada could delete entire cores and collections, unauthenticated to Solr.

I also cannot grant access to specific cores, or specific handlers on that core, meaning any app with access to Solr can hit any core, and potentially any handler on that core.

I would like to be able to...
1) restrict cores to certain users.
2) restrict handlers in a core to certain users.
3) restrict admin-level API calls to certain users.

2 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tim Vaillancourt shared this idea  ·   ·  Admin →

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base