Support Questions

Do you have a rule like to following?

RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//

Also, do you have the following at the end?

DEFAULT

RULE:[1:$1@$0](ambari-qa-cluster1@MY.PROD.EXAMPLE.COM)s/.*/ambari-qa/ 
RULE:[1:$1@$0](hbase-cluster1@MY.PROD.EXAMPLE.COM)s/.*/hbase/ 
RULE:[1:$1@$0](hdfs-cluster1@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ 
RULE:[1:$1@$0](spark-cluster1@MY.PROD.EXAMPLE.COM)s/.*/spark/ 
RULE:[1:$1@$0](zeppelin-cluster1@MY.PROD.EXAMPLE.COM)s/.*/zeppelin/ 
RULE:[1:$1@$0](.*@MY.PROD.EXAMPLE.COM)s/@.*// 
RULE:[2:$1@$0](amshbase@MY.PROD.EXAMPLE.COM)s/.*/ams/ 
RULE:[2:$1@$0](amszk@MY.PROD.EXAMPLE.COM)s/.*/ams/ 
RULE:[2:$1@$0](atlas@MY.PROD.EXAMPLE.COM)s/.*/atlas/ 
RULE:[2:$1@$0](dn@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](falcon@MY.PROD.EXAMPLE.COM)s/.*/falcon/ 
RULE:[2:$1@$0](hbase@MY.PROD.EXAMPLE.COM)s/.*/hbase/ 
RULE:[2:$1@$0](hive@MY.PROD.EXAMPLE.COM)s/.*/hive/ 
RULE:[2:$1@$0](jhs@MY.PROD.EXAMPLE.COM)s/.*/mapred/ 
RULE:[2:$1@$0](jn@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](knox@MY.PROD.EXAMPLE.COM)s/.*/knox/ 
RULE:[2:$1@$0](livy@MY.PROD.EXAMPLE.COM)s/.*/livy/ 
RULE:[2:$1@$0](nfs@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](nm@MY.PROD.EXAMPLE.COM)s/.*/yarn/ 
RULE:[2:$1@$0](nn@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](oozie@MY.PROD.EXAMPLE.COM)s/.*/oozie/ 
RULE:[2:$1@$0](rangeradmin@MY.PROD.EXAMPLE.COM)s/.*/ranger/ 
RULE:[2:$1@$0](rangertagsync@MY.PROD.EXAMPLE.COM)s/.*/rangertagsync/ 
RULE:[2:$1@$0](rangerusersync@MY.PROD.EXAMPLE.COM)s/.*/rangerusersync/ 
RULE:[2:$1@$0](rm@MY.PROD.EXAMPLE.COM)s/.*/yarn/ 
RULE:[2:$1@$0](yarn@MY.PROD.EXAMPLE.COM)s/.*/yarn/ 
RULE:[1:$1@$0](infra-solr@MY.PROD.EXAMPLE.COM)s/.*/solr/ 
RULE:[2:$1@$0](infra-solr@MY.PROD.EXAMPLE.COM)s/.*/solr/ 
DEFAULT

I added the last two before DEFAULT (that was already there).

It is still not working.

The rule you mentionned is already there.

Please note that my user name is username@EXAMPLE.COM whereas all principals name are @MY.PROD.EXAMPLE.COM

When I look into /etc/ambari-infra-solr/conf/security.json, I get :

{
  "authentication": {
    "class": "org.apache.solr.security.KerberosPlugin"
  },
  "authorization": {
    "class": "org.apache.ambari.infra.security.InfraRuleBasedAuthorizationPlugin",
    "user-role": {
      "infra-solr@MY.PROD.EXAMPLE.COM": "admin",
      "logsearch@MY.PROD.EXAMPLE.COM": ["logsearch_user", "ranger_admin_user", "dev"],
      "logfeeder@MY.PROD.EXAMPLE.COM": ["logfeeder_user", "dev"],
      "atlas@MY.PROD.EXAMPLE.COM": ["atlas_user", "ranger_audit_user", "dev"],
      "nn@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "hbase@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "hive@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "knox@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "kafka@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "rangerkms@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "storm-bdtest1@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "rm@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "nifi@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"],
      "rangeradmin@MY.PROD.EXAMPLE.COM": ["ranger_admin_user", "ranger_audit_user", "dev"]
    },
    "permissions": [
    {
      "name" : "collection-admin-read",
      "role" :null
    },
    {
      "name" : "collection-admin-edit",
      "role" : ["admin", "logsearch_user", "logfeeder_user", "atlas_user", "ranger_admin_user"]
    },
    {
      "name":"read",
      "role": "dev"
    },
    {
      "collection": ["hadoop_logs", "audit_logs", "history"],
      "role": ["admin", "logsearch_user", "logfeeder_user"],
      "name": "logsearch-manager",
      "path": "/*"
    },
    {
       "collection": ["vertex_index", "edge_index", "fulltext_index"],
       "role": ["admin", "atlas_user"],
       "name": "atlas-manager",
       "path": "/*"
    },
    {
       "collection": "ranger_audits",
       "role": ["admin", "ranger_admin_user", "ranger_audit_user"],
       "name": "ranger-manager",
       "path": "/*"
    }]
  }
}

Thanks for your help, I will try this today and let you know asap if this has solved the issue.