the security model currently is about protecting specific end points
and it is not extended to doc level/column level. However, you can
implement an AuthorizationPlugin which can manipulate the incoming
queries based on rules
On Fri, Nov 6, 2015 at 1:18 AM, Jack Krupansky wrote:
> The best practice would be to implement an application layer API that
> enforces security and prevents application clients from directly accessing
> Solr.
>
> LucidWorks Fusion (or their earlier LucidWorks Enterprise product) supports
> access control via search filters, including LDAP integration:
> https://docs.lucidworks.com/display/help/Search+Filters+for+Access+Control
>
> -- Jack Krupansky
>
> On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar wrote:
>>
>> Hi,
>>
>> I have seen couple of use cases / need where we want to restrict result of
>> search based on role of a user. For e.g.
>>
>> - if user role is admin, any document from the search result will be
>> returned
>> - if user role is manager, only documents intended for managers will be
>> returned
>> - if user role is worker, only documents intended for workers will be
>> returned
>>
>> Typical practise is to tag the documents with the roles (using a
>> multi-valued field) during indexing and then during search append filter
>> query to restrict result based on roles.
>>
>> Wondering if there is any other better way out there and if this common
>> requirement should be added as a Solr feature/plugin.
>>
>> The current security plugins are more towards making Solr apis/resources
>> secure not towards securing/controlling data during search.
>> https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins
>>
>> Please share your thoughts.
>>
>> Thanks,
>> Susheel
>>
>>
>
--
-
Noble Paul
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org