Dawid Iwo Cokan created OAK-9381: ------------------------------------ Summary: Access check delegated to query execution Key: OAK-9381 URL: https://issues.apache.org/jira/browse/OAK-9381 Project: Jackrabbit Oak Issue Type: Wish Reporter: Dawid Iwo Cokan
We are implementing a system to manage documents based on Jackrabbit Oak. We store thousands of them and we have have access rules set individually for every document (due to business requirements). We have configured the Lucene index to support all our queries but there are some users in the system that have access to only small subset of documents. When one of such user invokes the search it takes long time because OAK will first use index to read all results matching constraints and only then will check whether user has access to it. We were evaluating how to improve this and we simply added additional property to our document nodes and saved list of user ids who can read particular node. Then we extended definition of Lucene index to include this field. Next we ensured that all queries we perform add the condition for that property. Now results coming from LuceneIndex are 100% matched with current user access and perfomance is very good. I am adding this as a Wish as this should be for sure discussed in wider public. Especially there are known limitations / problems: * Lucene would not support negation of the property so if the node would have DENY set for some principal it would still have to be checked in memory * The property would be visible when reading a node, so would have to ensure it gets hidden * We'd have to ensure the property is aligned with current state of ACL, also when parent node settings are changed * Principal can have child principals and can be resolved dynamically so the finite list of all principal names who can access the node might vary over the time * In case of inheriting access the same principal would have to be set for each of the node in structure -- This message was sent by Atlassian Jira (v8.3.4#803005)