I would love to see record level (or even field level) restricted access in Solr / Lucene.
This should be group level, LDAP like or some rule base (which can be dynamic). If the solution means having a second core, so be it. The following is the closest I found: https://wiki.apache.org/solr/SolrSecurity#Document_Level_Security but I cannot use Manifold CF (Connector Framework). Does anyone know how Manifold does it? - MJ -----Original Message----- From: Markus Jelsma [mailto:markus.jel...@openindex.io] Sent: Thursday, March 12, 2015 6:51 PM To: solr-user@lucene.apache.org Subject: RE: [Poll]: User need for Solr security Jan - we don't really need any security for our products, nor for most clients. However, one client does deal with very sensitive data so we proposed to encrypt the transfer of data and the data on disk through a Lucene Directory. It won't fill all gaps but it would adhere to such a client's guidelines. I think many approaches of security in Solr/Lucene would find advocates, be it index encryption or authentication/authorization or transport security, which is now possible. I understand the reluctance of the PMC, and i agree with it, but some users would definitately benefit and it would certainly make Solr/Lucene the search platform to use for some enterprises. Markus -----Original message----- > From:Henrique O. Santos <hensan...@gmail.com> > Sent: Thursday 12th March 2015 23:43 > To: solr-user@lucene.apache.org > Subject: Re: [Poll]: User need for Solr security > > Hi, > > I’m currently working with indexes that need document level security. Based > on the user logged in, query results would omit documents that this user > doesn’t have access to, with LDAP integration and such. > > I think that would be nice to have on a future Solr release. > > Henrique. > > > On Mar 12, 2015, at 7:32 AM, Jan Høydahl <jan....@cominvent.com> wrote: > > > > Hi, > > > > Securing various Solr APIs has once again surfaced as a discussion > > in the developer list. See e.g. SOLR-7236 Would be useful to get some > > feedback from Solr users about needs "in the field". > > > > Please reply to this email and let us know what security aspect(s) would be > > most important for your company to see supported in a future version of > > Solr. > > Examples: Local user management, AD/LDAP integration, SSL, > > authenticated login to Admin UI, authorization for Admin APIs, e.g. > > admin user vs read-only user etc > > > > -- > > Jan Høydahl, search solution architect Cominvent AS - > > www.cominvent.com > > > >
