Thanks everyone for the suggestions. Hi Noble - Were there any thoughts made on utilizing Apache ManifoldCF while developing Authentication/Authorization plugins or anything to add there.
Thanks, Susheel On Tue, Nov 10, 2015 at 5:01 AM, Alessandro Benedetti <abenede...@apache.org > wrote: > I've been working for a while with Apache ManifoldCF and Enterprise Search > in Solr ( with Document level security) . > Basically you can add a couple of extra fields , for example : > > allow_token : containing all the tokens that can view the document > deny_token : containing all the tokens that are denied to view the document > > Apache ManifoldCF provides an integration that add an additional layer, and > is able to combine different data sources permission schemes. > The Authority Service endpoint will take in input the user name and return > all the allow_token values and deny_token. > At this point you can append the related filter queries to your queries and > be sure that the user will only see what is supposed to see. > > It's basically an extension of the strategy you were proposing, role based. > Of course keep protected your endpoints and avoid users to put custom fq, > or all your document security model would be useless :) > > Cheers > > > On 9 November 2015 at 21:52, Scott Stults < > sstu...@opensourceconnections.com > > wrote: > > > Susheel, > > > > This is perfectly fine for simple use-cases and has the benefit that the > > filterCache will help things stay nice and speedy. Apache ManifoldCF > goes a > > bit further and ties back to your authentication and authorization > > mechanism: > > > > > > > http://manifoldcf.apache.org/release/trunk/en_US/concepts.html#ManifoldCF+security+model > > > > > > k/r, > > Scott > > > > On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar <susheel2...@gmail.com> > > wrote: > > > > > Hi, > > > > > > I have seen couple of use cases / need where we want to restrict result > > of > > > search based on role of a user. For e.g. > > > > > > - if user role is admin, any document from the search result will be > > > returned > > > - if user role is manager, only documents intended for managers will be > > > returned > > > - if user role is worker, only documents intended for workers will be > > > returned > > > > > > Typical practise is to tag the documents with the roles (using a > > > multi-valued field) during indexing and then during search append > filter > > > query to restrict result based on roles. > > > > > > Wondering if there is any other better way out there and if this common > > > requirement should be added as a Solr feature/plugin. > > > > > > The current security plugins are more towards making Solr > apis/resources > > > secure not towards securing/controlling data during search. > > > > > > > > > https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins > > > > > > > > > Please share your thoughts. > > > > > > Thanks, > > > Susheel > > > > > > > > > > > -- > > Scott Stults | Founder & Solutions Architect | OpenSource Connections, > LLC > > | 434.409.2780 > > http://www.opensourceconnections.com > > > > > > -- > -------------------------- > > Benedetti Alessandro > Visiting card : http://about.me/alessandro_benedetti > > "Tyger, tyger burning bright > In the forests of the night, > What immortal hand or eye > Could frame thy fearful symmetry?" > > William Blake - Songs of Experience -1794 England >
