The tables below refer to the request handlers defined in the generated solrconfig.xml.secure . If you are not using this configuration file, the below may
not apply.
admin is a special collection in sentry used to represent administrative actions. A non-administrative request may only require privileges on the
collection or config on which the request is being performed. This is called either collection1 or config1 in this appendix. An
administrative request may require privileges on both the admin collection and collection1 . This is denoted as admin , collection1 in the tables below.
Note: If no privileges are granted, no access is possible. For example, accessing the Solr
Admin UI requires the QUERY privilege. If no users are granted the QUERY privilege, no access to the Solr Admin UI is
possible.
Privilege table for non-administrative request handlers
Request Handler
Required Collection Privilege
Collections that Require Privilege
select QUERY collection1
query QUERY collection1
get QUERY collection1
browse QUERY collection1
tvrh QUERY collection1
clustering QUERY collection1
terms QUERY collection1
elevate QUERY collection1
analysis/field QUERY collection1
analysis/document QUERY collection1
update UPDATE collection1
update/json UPDATE collection1
update/csv UPDATE collection1
Privilege table for collections admin actions
Collection Action
Required Collection Privilege
Collections that Require Privilege
create UPDATE admin , collection1
delete UPDATE admin , collection1
reload UPDATE admin , collection1
createAlias UPDATE admin , collection1
Note: collection1 here refers to the name of the alias, not the underlying collection(s). For example, http://YOUR-HOST:8983/ solr/admin/collections?action= CREATEALIAS&name=collection1 &collections=underlyingCollection
deleteAlias UPDATE admin , collection1
Note: collection1 here refers to the name of the alias, not the underlying collection(s). For example, http://YOUR-HOST:8983/ solr/admin/collections?action= DELETEALIAS&name=collection1
syncShard UPDATE admin , collection1
splitShard UPDATE admin , collection1
deleteShard UPDATE admin , collection1
Privilege table for core admin actions
Collection Action
Required Collection Privilege
Collections that Require Privilege
create UPDATE admin , collection1
rename UPDATE admin , collection1
load UPDATE admin , collection1
unload UPDATE admin , collection1
status UPDATE admin , collection1
persist UPDATE admin
reload UPDATE admin , collection1
swap UPDATE admin , collection1
mergeIndexes UPDATE admin , collection1
split UPDATE admin , collection1
prepRecover UPDATE admin , collection1
requestRecover UPDATE admin , collection1
requestSyncShard UPDATE admin , collection1
requestApplyUpdates UPDATE admin , collection1
Privilege table for Info and AdminHandlers
Request Handler
Required Collection Privilege
Collections that Require Privilege
LukeRequestHandler QUERY admin
SystemInfoHandler QUERY admin
SolrInfoMBeanHandler QUERY admin
PluginInfoHandler QUERY admin
ThreadDumpHandler QUERY admin
PropertiesRequestHandler QUERY admin
LogginHandler QUERY , UPDATE (or * )admin
ShowFileRequestHandler QUERY admin
Privilege table for Config Admin actions
Config Action
Required Collection Privilege
Collections that Require Privilege
Required Config Privilege
Configs that Require Privilege
CREATE UPDATE admin * config1
DELETE UPDATE admin * config1