i have 2 SOLR Users- UserA and UserB. I want to restrict the collection access for some of the SOLR collections so that only UserA can access those collections. I ran the below commands to achieve it:
Bind User role with Username
curl -u <<admin_user>>:<<admin_user_password>> -H 'Content-type:application/json' -d '{
"set-user-role" : {
"userA": ["build","my-rule"]}
}'
http://<<solr-host>>:<<solr-port>>/solr/admin/authorization
Update collection permission
curl --user <<admin_user>>:<<admin_user_password>> -H 'content-type:application/json' -d '{
"set-permission": {"name":"my-collection-rules","collection": ["collection", "collection2"],
"path":"/*","role": "my-rule"}}' http://<<solr-host>>:<<solr-port>>/solr/admin/authorization
I observed that after running these commands, only UserA was able to access data from said collections using select handler, UserB is getting 403 error while querying the data and this is expected. But UserB is still able to delete the collections. Is there a way we can even restrict the delete access as well to UserA so that UserB is not able to delete collections belonging to userA?