Most security systems don't authenticate by user, they authenticate by roles. Each user has one or more roles. In one large enterprise there are 7000 roles (including printer access), each user may have 300, and each document may have 20-50.
It works well to add roles as a multivalued field in the document, then search for the roles that a user presents. A document that has any role presented by the user will be visible to the user. It's a little slow, but faster than the above approaches. Some side problems: spellchecking & autosuggestions should not show terms that are not in a document available to the user. If a secret document is named 'Project Xanadu', you can't autocomplete 'project xanadu' to the user and then say, "no documents found for this search". On Thu, Jan 20, 2011 at 11:05 PM, Grijesh <pintu.grij...@gmail.com> wrote: > > Hi Rok, > > I have used about 250000 ids with OR Operator and its working fine for > me.Just Have to Increase the MaxBoolClouse parameter and also have to > configure max header size on Servlet container to enable for big query > requests. > > ----- > Thanx: > Grijesh > -- > View this message in context: > http://lucene.472066.n3.nabble.com/Document-level-security-tp2298066p2300117.html > Sent from the Solr - User mailing list archive at Nabble.com. > -- Lance Norskog goks...@gmail.com
