Re: Restricted views of an index
Is there any interest/activity for SOLR to provide a restricted view of an index, making only certain fields available/public, depending on the identity of the requesting client? Certain information in our index is confidential and should only be accessible to certain individuals/groups, Another ad hoc approach... We already had a servlet that 'fronts' the Solr web service, so for us it was pretty easy to do something similar to your use case. We map a user to a list of groups (using LDAP), and then make that a required clause in the Solr request, against a field that contains allowable groups. -- Ken -- Ken Krugler Krugle, Inc. +1 530-210-6378 If you can't find it, you can't fix it
Restricted views of an index
Hi all, Is there any interest/activity for SOLR to provide a restricted view of an index, making only certain fields available/public, depending on the identity of the requesting client ? Certain information in our index is confidential and should only be accessible to certain individuals/groups, Thanks Karen
Re: Restricted views of an index
Karen Loughran wrote: Hi all, Is there any interest/activity for SOLR to provide a restricted view of an index, making only certain fields available/public, depending on the identity of the requesting client ? Certain information in our index is confidential and should only be accessible to certain individuals/groups, The standard solr server relies on your servlet container for authentication/authorization. Using off the shelf stuff, you can use the 'invariants' param to limit what fields are available for a given handler. And then register different handlers to various paths with path based authentication. Does this make sense? You could also inject your authentication logic into custom RequestHandlers, UpdateProcessors, and/or SearchComponents ryan
Re: Restricted views of an index
Solr filters already provide a restricted review of results, so the code that calls Solr can choose the appropriate handler for each class of users. Make sure that end users cannot directly access the Solr server, or at least not the search URL (/solr/select). Building authentication and authorization and roles and data access controls into Solr would be possible, but a big job. Your front end code already has that, right? Add a role or access class to each indexed item, then use that in the queries, probably in a filter specified in a request handler. That keeps the definition of the filter within Solr. For example, you can create a request handler named admin, a field named role, and add a filter of role:admin. wunder On 1/25/08 6:24 AM, Karen Loughran [EMAIL PROTECTED] wrote: Hi all, Is there any interest/activity for SOLR to provide a restricted view of an index, making only certain fields available/public, depending on the identity of the requesting client ? Certain information in our index is confidential and should only be accessible to certain individuals/groups, Thanks Karen
Re: Restricted views of an index
Thanks for the info Ryan Walter, We're looking into invariants and handler logic as you suggest, Karen On Friday 25 January 2008 15:55:09 Ryan McKinley wrote: Karen Loughran wrote: Hi all, Is there any interest/activity for SOLR to provide a restricted view of an index, making only certain fields available/public, depending on the identity of the requesting client ? Certain information in our index is confidential and should only be accessible to certain individuals/groups, The standard solr server relies on your servlet container for authentication/authorization. Using off the shelf stuff, you can use the 'invariants' param to limit what fields are available for a given handler. And then register different handlers to various paths with path based authentication. Does this make sense? You could also inject your authentication logic into custom RequestHandlers, UpdateProcessors, and/or SearchComponents ryan