On Jul 6, 2010, at 8:27am, osocurious2 wrote:
Someone else was recently asking a similar question (or maybe it was
you but
worded differently :) ).
Putting user level security at a document level seems like a recipe
for
pain. Solr/Lucene don't do frequent update well...and being highly
optimized
for query, I don't blame them. Is there any way to create a series
of roles
that you can apply to your documents? If the security level of the
document
isn't changing, just the user access to them, give the docs a role
in the
index, put your user/usergroup stuff in a DB or some other system and
resolve your user into valid roles, then FilterQuery on role.
You're right, baking in too fine-grained a level of security
information is a bad idea.
As one example that worked pretty well for code search with Krugle, we
set access control on a per project level using LDAP groups - ie each
project had some number of groups that were granted access rights.
Each file in the project would inherit the same list of groups.
Then, when a user logs in they get authenticated via LDAP, and we have
the set of groups they belong to being returned by the LDAP server.
This then becomes a fairly well-bounded list of "terms" for an OR
query against the "acl-groups" field in each file/project document.
Just don't forget to set the boost to 0 for that portion of the query :)
-- Ken
--------------------------------------------
Ken Krugler
+1 530-210-6378
http://bixolabs.com
e l a s t i c w e b m i n i n g