The best practice would be to implement an application layer API that
enforces security and prevents application clients from directly accessing
Solr.
LucidWorks Fusion (or their earlier LucidWorks Enterprise product) supports
access control via search filters, including LDAP integration:
Hi,
I have seen couple of use cases / need where we want to restrict result of
search based on role of a user. For e.g.
- if user role is admin, any document from the search result will be
returned
- if user role is manager, only documents intended for managers will be
returned
- if user role
the security model currently is about protecting specific end points
and it is not extended to doc level/column level. However, you can
implement an AuthorizationPlugin which can manipulate the incoming
queries based on rules
On Fri, Nov 6, 2015 at 1:18 AM, Jack Krupansky