Dawid Iwo Cokan created OAK-9381:
------------------------------------
Summary: Access check delegated to query execution
Key: OAK-9381
URL: https://issues.apache.org/jira/browse/OAK-9381
Project: Jackrabbit Oak
Issue Type: Wish
Reporter: Dawid Iwo Cokan
We are implementing a system to manage documents based on Jackrabbit Oak. We
store thousands of them and we have have access rules set individually for
every document (due to business requirements). We have configured the Lucene
index to support all our queries but there are some users in the system that
have access to only small subset of documents. When one of such user invokes
the search it takes long time because OAK will first use index to read all
results matching constraints and only then will check whether user has access
to it.
We were evaluating how to improve this and we simply added additional property
to our document nodes and saved list of user ids who can read particular node.
Then we extended definition of Lucene index to include this field.
Next we ensured that all queries we perform add the condition for that
property. Now results coming from LuceneIndex are 100% matched with current
user access and perfomance is very good.
I am adding this as a Wish as this should be for sure discussed in wider
public. Especially there are known limitations / problems:
* Lucene would not support negation of the property so if the node would have
DENY set for some principal it would still have to be checked in memory
* The property would be visible when reading a node, so would have to ensure
it gets hidden
* We'd have to ensure the property is aligned with current state of ACL, also
when parent node settings are changed
* Principal can have child principals and can be resolved dynamically so the
finite list of all principal names who can access the node might vary over the
time
* In case of inheriting access the same principal would have to be set for
each of the node in structure
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
