the security model currently is about protecting specific end points and it is not extended to doc level/column level. However, you can implement an AuthorizationPlugin which can manipulate the incoming queries based on rules
On Fri, Nov 6, 2015 at 1:18 AM, Jack Krupansky <[email protected]> wrote: > The best practice would be to implement an application layer API that > enforces security and prevents application clients from directly accessing > Solr. > > LucidWorks Fusion (or their earlier LucidWorks Enterprise product) supports > access control via search filters, including LDAP integration: > https://docs.lucidworks.com/display/help/Search+Filters+for+Access+Control > > -- Jack Krupansky > > On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar <[email protected]> wrote: >> >> Hi, >> >> I have seen couple of use cases / need where we want to restrict result of >> search based on role of a user. For e.g. >> >> - if user role is admin, any document from the search result will be >> returned >> - if user role is manager, only documents intended for managers will be >> returned >> - if user role is worker, only documents intended for workers will be >> returned >> >> Typical practise is to tag the documents with the roles (using a >> multi-valued field) during indexing and then during search append filter >> query to restrict result based on roles. >> >> Wondering if there is any other better way out there and if this common >> requirement should be added as a Solr feature/plugin. >> >> The current security plugins are more towards making Solr apis/resources >> secure not towards securing/controlling data during search. >> https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins >> >> Please share your thoughts. >> >> Thanks, >> Susheel >> >> > -- ----------------------------------------------------- Noble Paul --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
