Skip to main content
Sign in

Restrict access to Rules, Rewrites, and Analytics dashboards and prevent collection creation in Fusion

  • Updated

Goal

Limit a user's access to only the Rules Manager, Rewrites Manager, and Analytics dashboards within a specific Fusion app, while preventing that user from creating new Solr collections via the Admin UI.

 

Environment

Fusion 5.5.2 and above
Self-hosted Kubernetes deployments

 

Guide

Define the role with appropriate permissions

Create or modify a role with the following permissions to enable access only to Rules Manager, Rewrites Manager, and Analytics dashboards for a specific application.

Replace <APP_NAME> with the name of the Fusion app.

PUT,GET:/apps/*/query-profiles/**
PATCH,HEAD,POST,PUT,DELETE,GET:/apps/*/query-rewrite/**
PUT,GET:/solr/**
PUT,GET:/query/**
PUT,GET:/collections/**
HEAD,PUT,DELETE,GET:/apps/<APP_NAME>/**
PUT,GET:/apps/
PATCH,HEAD,POST,PUT,DELETE,GET:/business-rules**
PATCH,HEAD,POST,PUT,DELETE,GET:/rules/**
GET:/license
GET:/blobs/**
GET:/session
POST,HEAD,PUT,GET,DELETE,PATCH:/predictive-merchandiser/**
GET:/experience-optimizer/build/**
POST:/solr/<APP_NAME>_signals/query/**
POST:/solr/<APP_NAME>_job_reports/query/**

Additionally, assign All UI permissions to the role to allow access to the Fusion Admin UI.

 

Restrict Solr collection creation via the Admin UI

To prevent users from creating new collections using the “New here? Get started...” prompt in the Admin UI, remove the POST permission for the app resource path:

Change this:

HEAD,POST,PUT,DELETE,GET:/apps/<APP_NAME>/**

To this:

HEAD,PUT,DELETE,GET:/apps/<APP_NAME>/**

This restricts the ability to submit collection-creation requests while still allowing the UI element to appear.

 

Optional: Validate access

After updating the role:

  • Log in as a user with the role.

  • Confirm access to only the Rules, Rewrites, and Analytics dashboards.

  • Attempt to trigger the “Get Started” workflow and verify collection creation is blocked.

 

Notes

  • UI elements such as the “New here?” prompt may still display, but restricted users will be blocked from performing actions like collection creation if POST access is removed.

  • These permission sets assume default service mappings. If using custom endpoints or security mappings, verify the paths align with your deployment.

Related articles

Powered by Zendesk