As far as I can see, 1- You should be able to store the ACL in a field(like AccessRights) somehow, so that some docs (for ex.,doc2 in a search ""Text:text*)can be stripped out from the search result like( "+AccessRights:user1") BUT, you don't want it for performance etc. reasons.
2- Search results should be filtered (in a loop while reading the docs from index?) before returning to user, utilizing the field "AccessRights". 3- You are in trouble :-) DIGY -----Original Message----- From: Brian Victor [mailto:[email protected]] Sent: Wednesday, April 01, 2009 8:37 PM To: [email protected] Subject: Re: Filtering queries On Wed, Apr 01, 2009 at 08:27:08PM +0300, Digy wrote: >Doc1: > Title: "title1" //everyone can see. > Text: "text1" //only user1 can see > >Doc2: > Title: "title2" //everyone can see. > Text: "text2" //only user2 can see > > >If I make a search(as user1) like "Title:title*" then I should get 2 hits >but I should not read the "Text" field of Doc2. > >Am I correct? Yes. Moreover, if you're user1 and you search for "text", you should only get one hit. And to add yet another winkle, user3 may not be allowed to see Doc1 at all. So for any given user/document combination, one of the following applies: 1) User can read every field in document 2) User can read "text" field in document 3) User cannot read any part of document -- Brian
