Re: Solr Search: Access Control / Role based security

2015-11-05 Thread Jack Krupansky
The best practice would be to implement an application layer API that
enforces security and prevents application clients from directly accessing
Solr.

LucidWorks Fusion (or their earlier LucidWorks Enterprise product) supports
access control via search filters, including LDAP integration:
https://docs.lucidworks.com/display/help/Search+Filters+for+Access+Control

-- Jack Krupansky

On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar  wrote:

> Hi,
>
> I have seen a couple of use cases / needs where we want to restrict the
> results of a search based on the role of a user. For example:
>
> - if user role is admin, any document from the search result will be
> returned
> - if user role is manager, only documents intended for managers will be
> returned
> - if user role is worker, only documents intended for workers will be
> returned
>
> Typical practice is to tag the documents with the roles (using a
> multi-valued field) during indexing and then during search append a filter
> query to restrict results based on roles.
>
> Wondering if there is any other better way out there and if this common
> requirement should be added as a Solr feature/plugin.
>
> The current security plugins are more towards making Solr APIs/resources
> secure, not towards securing/controlling data during search.
> https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins
>
>
> Please share your thoughts.
>
> Thanks,
> Susheel
>
>
>


Re: Solr Search: Access Control / Role based security

2015-11-05 Thread Noble Paul
The security model currently is about protecting specific end points
and it is not extended to doc level/column level. However, you can
implement an AuthorizationPlugin which can manipulate the incoming
queries based on rules.

On Fri, Nov 6, 2015 at 1:18 AM, Jack Krupansky  wrote:
> The best practice would be to implement an application layer API that
> enforces security and prevents application clients from directly accessing
> Solr.
>
> LucidWorks Fusion (or their earlier LucidWorks Enterprise product) supports
> access control via search filters, including LDAP integration:
> https://docs.lucidworks.com/display/help/Search+Filters+for+Access+Control
>
> -- Jack Krupansky
>
> On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar  wrote:
>>
>> Hi,
>>
>> I have seen a couple of use cases / needs where we want to restrict the
>> results of a search based on the role of a user. For example:
>>
>> - if user role is admin, any document from the search result will be
>> returned
>> - if user role is manager, only documents intended for managers will be
>> returned
>> - if user role is worker, only documents intended for workers will be
>> returned
>>
>> Typical practice is to tag the documents with the roles (using a
>> multi-valued field) during indexing and then during search append a filter
>> query to restrict results based on roles.
>>
>> Wondering if there is any other better way out there and if this common
>> requirement should be added as a Solr feature/plugin.
>>
>> The current security plugins are more towards making Solr APIs/resources
>> secure, not towards securing/controlling data during search.
>> https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins
>>
>> Please share your thoughts.
>>
>> Thanks,
>> Susheel
>>
>>
>



-- 
Noble Paul
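
The approach discussed in this thread (role-tagged documents, a filter query appended at search time, and an application layer that keeps clients away from Solr) can be sketched as follows; this is an added example, not code from any poster or from the Solr project. The field name `acl_roles`, the role name `admin`, the parameter allowlist and all function names are assumptions, and the roles are expected to come from the server-side session, never from the request.

```python
# Added illustration: application-layer construction of Solr request parameters.
ROLE_FIELD = "acl_roles"   # assumed multi-valued field holding each document's roles
ADMIN_ROLE = "admin"       # assumed role that sees every document
ALLOWED_PARAMS = ("q", "start", "rows", "sort")  # all other client params are dropped


def quote_term(value):
    """Quote a role as a Lucene phrase, escaping backslash and double quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def role_filter(roles):
    """Return the fq string for these roles, or None when no filter applies (admin)."""
    roles = sorted({r for r in roles if r})
    if not roles:
        # Fail closed: a user without roles never reaches Solr.
        raise PermissionError("user has no roles; refusing to query")
    if ADMIN_ROLE in roles:
        return None
    # Explicit OR so the result does not depend on the default operator.
    return "%s:(%s)" % (ROLE_FIELD, " OR ".join(quote_term(r) for r in roles))


def build_solr_params(client_params, session_roles):
    """Merge allowlisted client parameters with the server-derived role filter.

    A client-supplied fq (or any parameter outside the allowlist) is discarded,
    so the request cannot replace or remove the access-control filter.
    """
    params = [(k, client_params[k]) for k in ALLOWED_PARAMS if k in client_params]
    if "q" not in client_params:
        params.append(("q", "*:*"))
    fq = role_filter(session_roles)
    if fq is not None:
        params.append(("fq", fq))
    return params


if __name__ == "__main__":
    from urllib.parse import urlencode
    # Constructed request: the client tries to pass its own fq.
    req = {"q": "budget", "rows": "10", "fq": "acl_roles:admin"}
    print(urlencode(build_solr_params(req, ["manager", "worker"])))
```

Because `fq` intersects with the main query, anything the client puts in `q` can only narrow the result set within the documents the role filter allows.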
