Look at SOLR-2010 which has patches for 1.4.1 and trunk. It works with the spellcheck "collate" functionality and ensures that collations are returned only if they can result in hits if requeried (it tests each collation with any "fq" you put on the original query). This would effectively prevent users from seeing sensitive data in their spell suggestions.
James Dyer E-Commerce Systems Ingram Content Group (615) 213-4311 -----Original Message----- From: Peter Wolanin [mailto:peter.wola...@acquia.com] Sent: Thursday, October 07, 2010 9:00 AM To: solr-user@lucene.apache.org Subject: access control for spellcheck suggestions? We have a content access control system that works well for the actual search results, but we see that the spellcheck suggestions include words that are not within the set of documents the current user is allowed to access. Does anyone have an approach to this problem for Solr 1.4.x? Anything new in Solr trunk to address this? Maybe spellcheck.<DICT_NAME>.key? Is there something in the Solr API that lets us control which spellcheck index a certain document goes into at index time, since one approach might be to at least obey some gross access control rules per user role by having multiple spellcheck indexes. -Peter -- Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc. peter.wola...@acquia.com : 978-296-5247 "Get a free, hosted Drupal 7 site: http://www.drupalgardens.com"