Hi, I don't understand all the details, but I'll inline a few comments.
----- Original Message ---- > From: Geoff Hopson <[EMAIL PROTECTED]> > To: solr-user@lucene.apache.org > Sent: Thursday, September 18, 2008 1:44:33 AM > Subject: Field level security > > Hi, > > First post/question, so please be gentle :-) > > I am trying to put together a security model around fields in my > index. My requirement is that a user may not have permission to view > certain fields in the index when he does a search. For example, he may > have permission to see the name and address, but not the occupation. > Whereas a different user with different permissions will be able to > search all 3 fields. What exactly is restricted? Viewing of specific fields in results, or searching in specific fields? If it's the former, you could tell Solr which fields to return using %fl=field1,field2... If it's the latter, you could always write a custom SearchComponent that takes your custom "userType" or "allowedFields" parameter and constructs a query based on that. > What is the best way to model this? > > My current stab at this has a document-level security level set (I > have a field called security_default), and all fields have this > default. If there are exceptions, I have a multiValued field called > 'security_exceptions' where I comma delimit the fild name and > different access permission for that field. Eg I might have > 'occupation=Restricted' in that field. > > This falls over when I copyField fields into a text field for easier > searching. Searching across multiple fields is pretty easy, too. I'd stick to that, as that also lets you assign different weight to different fields. Otis > Has anyone else attempted to do this and are willing to share their ideas? > > Thanks in advance, > Geoff
