I think both of those overlap at some point but aren't really directly related or problems that would be solved in the same manner.
Document level security, though can be implemented using custom authentication/authorization plugins, but there are a fair amount of users who use ManifoldCF for the same. So it's totally your pick. I'm not 100% sure, but I think using a custom authentication/authorization plugin + an update request processor is more work than using ManifoldCF for that purpose. On Tue, Nov 10, 2015 at 10:37 AM, Susheel Kumar <susheel2...@gmail.com> wrote: > Thanks everyone for the suggestions. > > Hi Noble - Were there any thoughts made on utilizing Apache ManifoldCF > while developing Authentication/Authorization plugins or anything to add > there. > > Thanks, > Susheel > > On Tue, Nov 10, 2015 at 5:01 AM, Alessandro Benedetti < > abenede...@apache.org > > wrote: > > > I've been working for a while with Apache ManifoldCF and Enterprise > Search > > in Solr ( with Document level security) . > > Basically you can add a couple of extra fields , for example : > > > > allow_token : containing all the tokens that can view the document > > deny_token : containing all the tokens that are denied to view the > document > > > > Apache ManifoldCF provides an integration that add an additional layer, > and > > is able to combine different data sources permission schemes. > > The Authority Service endpoint will take in input the user name and > return > > all the allow_token values and deny_token. > > At this point you can append the related filter queries to your queries > and > > be sure that the user will only see what is supposed to see. > > > > It's basically an extension of the strategy you were proposing, role > based. > > Of course keep protected your endpoints and avoid users to put custom fq, > > or all your document security model would be useless :) > > > > Cheers > > > > > > On 9 November 2015 at 21:52, Scott Stults < > > sstu...@opensourceconnections.com > > > wrote: > > > > > Susheel, > > > > > > This is perfectly fine for simple use-cases and has the benefit that > the > > > filterCache will help things stay nice and speedy. Apache ManifoldCF > > goes a > > > bit further and ties back to your authentication and authorization > > > mechanism: > > > > > > > > > > > > http://manifoldcf.apache.org/release/trunk/en_US/concepts.html#ManifoldCF+security+model > > > > > > > > > k/r, > > > Scott > > > > > > On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar <susheel2...@gmail.com> > > > wrote: > > > > > > > Hi, > > > > > > > > I have seen couple of use cases / need where we want to restrict > result > > > of > > > > search based on role of a user. For e.g. > > > > > > > > - if user role is admin, any document from the search result will be > > > > returned > > > > - if user role is manager, only documents intended for managers will > be > > > > returned > > > > - if user role is worker, only documents intended for workers will be > > > > returned > > > > > > > > Typical practise is to tag the documents with the roles (using a > > > > multi-valued field) during indexing and then during search append > > filter > > > > query to restrict result based on roles. > > > > > > > > Wondering if there is any other better way out there and if this > common > > > > requirement should be added as a Solr feature/plugin. > > > > > > > > The current security plugins are more towards making Solr > > apis/resources > > > > secure not towards securing/controlling data during search. > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins > > > > > > > > > > > > Please share your thoughts. > > > > > > > > Thanks, > > > > Susheel > > > > > > > > > > > > > > > > -- > > > Scott Stults | Founder & Solutions Architect | OpenSource Connections, > > LLC > > > | 434.409.2780 > > > http://www.opensourceconnections.com > > > > > > > > > > > -- > > -------------------------- > > > > Benedetti Alessandro > > Visiting card : http://about.me/alessandro_benedetti > > > > "Tyger, tyger burning bright > > In the forests of the night, > > What immortal hand or eye > > Could frame thy fearful symmetry?" > > > > William Blake - Songs of Experience -1794 England > > > -- Anshum Gupta
