Hi,

We tend to recommend ManifoldCF for document level security since that is 
exactly what it is built for. So I doubt we'll see that as a built in feature 
in Solr.
However, the Solr integration is really not that advanced, and I also see 
customers implementing similar logic themselves with success.
On the document feeding side you need to add a few more fields to all your 
documents, typically include_acl and exclude_acl. Populate those fields
with data from LDAP about who (what groups) have access to that document and 
who do not. If it is open information, index a special token "open" in the include 
field.
Then assuming your search client application has authenticated a user, you 
would construct a filter with this user's groups, e.g. 
  fq=include_acl:(groupA OR open)&fq=-exclude_acl:(groupA)
The filter would be constructed either in your application or in a Solr search 
component or query parser.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com
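
One way to build the filter described in the reply above inside a client application, as an added example (not code from this thread or from Solr). The function names are hypothetical; it assumes include_acl and exclude_acl are untokenized string fields, and it quotes each group name, a step beyond the unquoted form in the reply, so that LDAP names containing spaces or query syntax stay a single term.

```python
from urllib.parse import urlencode

OPEN_TOKEN = "open"  # token the feeder indexes in include_acl for public documents


def quote_term(term):
    """Quote a group name as a phrase; inside quotes only \\ and " need escaping."""
    return '"' + term.replace("\\", "\\\\").replace('"', '\\"') + '"'


def acl_filters(groups):
    """Return the fq values for a user who belongs to `groups` (hypothetical helper)."""
    terms = sorted({quote_term(g) for g in groups if g})
    include = " OR ".join(terms + [quote_term(OPEN_TOKEN)])
    filters = [f"include_acl:({include})"]
    if terms:
        # A user with no groups gets no exclude clause: -exclude_acl:() is not valid.
        filters.append(f"-exclude_acl:({' OR '.join(terms)})")
    return filters


def search_params(user_query, groups):
    """Build request parameters. The fq values come only from the server-side
    group lookup for the authenticated user, never from the incoming request."""
    params = [("q", user_query)]
    params += [("fq", fq) for fq in acl_filters(groups)]
    return params


if __name__ == "__main__":
    # Constructed sample groups, as they might come back from an LDAP lookup.
    print(urlencode(search_params("budget report", ["groupA", "Domain Users"])))
    # A user with no group memberships only sees documents marked "open".
    print(urlencode(search_params("budget report", [])))
```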

> On 13 Mar 2015, at 01:48, johnmu...@aol.com wrote:
> 
> I would love to see record level (or even field level) restricted access in 
> Solr / Lucene.
> 
> This should be group level, LDAP like or some rule base (which can be 
> dynamic).  If the solution means having a second core, so be it.
> 
> The following is the closest I found: 
> https://wiki.apache.org/solr/SolrSecurity#Document_Level_Security but I 
> cannot use Manifold CF (Connector Framework).  Does anyone know how Manifold 
> does it?
> 
> - MJ
> 
> -----Original Message-----
> From: Markus Jelsma [mailto:markus.jel...@openindex.io] 
> Sent: Thursday, March 12, 2015 6:51 PM
> To: solr-user@lucene.apache.org
> Subject: RE: [Poll]: User need for Solr security
> 
> Jan - we don't really need any security for our products, nor for most 
> clients. However, one client does deal with very sensitive data so we 
> proposed to encrypt the transfer of data and the data on disk through a 
> Lucene Directory. It won't fill all gaps but it would adhere to such a 
> client's guidelines. 
> 
> I think many approaches of security in Solr/Lucene would find advocates, be 
> it index encryption or authentication/authorization or transport security, 
> which is now possible. I understand the reluctance of the PMC, and I agree 
> with it, but some users would definitely benefit and it would certainly 
> make Solr/Lucene the search platform to use for some enterprises.
> 
> Markus 
> 
> -----Original message-----
>> From:Henrique O. Santos <hensan...@gmail.com>
>> Sent: Thursday 12th March 2015 23:43
>> To: solr-user@lucene.apache.org
>> Subject: Re: [Poll]: User need for Solr security
>> 
>> Hi,
>> 
>> I’m currently working with indexes that need document level security. Based 
>> on the user logged in, query results would omit documents that this user 
>> doesn’t have access to, with LDAP integration and such.
>> 
>> I think that would be nice to have on a future Solr release.
>> 
>> Henrique.
>> 
>>> On Mar 12, 2015, at 7:32 AM, Jan Høydahl <jan....@cominvent.com> wrote:
>>> 
>>> Hi,
>>> 
>>> Securing various Solr APIs has once again surfaced as a discussion 
>>> in the developer list. See e.g. SOLR-7236. Would be useful to get some 
>>> feedback from Solr users about needs "in the field".
>>> 
>>> Please reply to this email and let us know what security aspect(s) would be 
>>> most important for your company to see supported in a future version of 
>>> Solr.
>>> Examples: Local user management, AD/LDAP integration, SSL, 
>>> authenticated login to Admin UI, authorization for Admin APIs, e.g. 
>>> admin user vs read-only user etc
>>> 
>>> --
>>> Jan Høydahl, search solution architect Cominvent AS - 
>>> www.cominvent.com
>>> 
>> 
>> 
> 
