Hi Aseem - I had a similar challenge. The solution that works for my case was to add "role" as a repeating string value in the solr schema.
Each piece of content contains 1 or more roles and these values are supplied to solr for indexing. Users also have one or more roles (which correspond exactly to the metadata placed on content and supplied to Solr.) So when peforming the search query, we add add an fq parameter to filter search results. For example q=Search Phrase&fq=role:(role1 || role2 || role3) Note that ultimate restriction to content is handled elsewhere, this is only done as a filtering mechanism for search results. Additionally, we do not have unlimited sets of roles and that helps to keep the query string on the HTTP GET to a minimum. Finally, the roles for my system are additive such that if there is a match on any one role - the user has access - so an OR clause works. Your system may have more complex role rules. -----Original Message----- From: aseem cheema [mailto:aseemche...@gmail.com] Sent: Thursday, November 19, 2009 5:00 PM To: solr-user@lucene.apache.org Subject: Filtering query results Hey Guys, I need to filter out some results based on who is performing the search. In other words, if a document is not accessible to a user performing search, I don't want it to be in the result set. What is the best/easiest way to do this reliable/securely in Solr? Thanks -- Aseem
