Hi all,
Can anyone give me some advice on breaking a document up and indexing it
by access control lists. What we have are xml documents that are
transformed based on the user viewing it. Some users might see all of
the document, while other may see a few fields, and yet others see
nothing at all. The access control lists may be a role the user belongs
to, it may be a list of groups, or even a combination of the two.
I can transform the xml to the plain text that I want to index, and key
it off of the acls and then pass along a list of acls that the user
issuing a query belongs to when searching. But I guess I'm not really
sure how to do this the best way.
Anyone have any thoughts?
Given the requirement to break down a document into separately
controlled pieces, I'd create a servlet that "fronts" the Solr
servlet and handles this conversion. I could think of ways to do it
using Solr, but they feel like unnatural acts.
As a general comment on ACLs, one relatively easy way to handle this
is via group ids that you use to restrict the query. Each document
has a groupid with a list of group ids that are authorized to access
it. Each user query is converted into a (query) AND (groupid:xx OR
groupid:yy), where xx/yy (and so on) are the groups that the user
belongs to.
-- Ken
--
Ken Krugler
Krugle, Inc.
+1 530-210-6378
"If you can't find it, you can't fix it"
