lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Long <ml...@bizjournals.com>
Subject Re: Admin Permissions
Date Thu, 15 Nov 2012 21:26:19 GMT
I figured out you can disable the core admin in solr.xml, but then it 
breaks the admin as apparently it relies on that.

I tried tomcat security but haven't been able to make it work

I think as this point I may just write a query/debugging app that the 
developers could use

On 11/13/2012 07:12 AM, Erick Erickson wrote:
> Slap them firmly on the wrist if they do?
>
> The Solr admin is really designed with trusted users in mind. There are no
> provisions that I know of for securing some of the functions.
>
> Your developers have access to the Solr server through the browser, right?
> They can do all of that via URL, see: http://wiki.apache.org/solr/CoreAdmin,
> they don't need to use the admin server at all.
>
> So unless you're willing to put a lot of effort into it, I don't think you
> really can lock it down. If you really don't trust them to not do bad
> things, set up a dev environment and lock them out of your production
> servers totally?
>
> Best
> Erick
>
>
> On Mon, Nov 12, 2012 at 12:41 PM, Michael Long <mlong@bizjournals.com>wrote:
>
>> I really like the new admin in solr 4.0, but specifically I don't want
>> developers to be able to unload, rename, swap, reload, optimize, or add
>> core.
>>
>> Any ideas on how I could still give access to the rest of the admin
>> without giving access to these? It is very helpful for them to have access
>> to the Query, Analysis, etc.
>>


Mime
View raw message