On 18/11/2015 07:55, Noble Paul wrote:
I haven't evaluated manifoldCF for this .
However , my preference would be to have a generic mechanism in built
into Solr to restrict user access to certain docs based on some field
values. Relying on external tools make life complex for users who do
not like it.
Our strategy is
* Provide a pluggable framework so that custom external solutions can
be plugged in
* Provide a standard implementation which does not depend upon any
external solutions
any suggestions are welcome
Hi,
We're working on an external JOIN as part of the BioSolr project:
basically this lets you filter result sets with an external query (which
could be an authentication system of some kind). There's a patch at
https://issues.apache.org/jira/browse/SOLR-7341 and the author, Tom
Winch, is working on a blog post to explain it further - it'll hopefully
be up on http://www.flax.co.uk/blog within the week.
Cheers
Charlie
PS If anyone fancies a trip to Cambridge UK this February we're running
a free 'search for bioinformatics' event
http://www.ebi.ac.uk/pdbe/about/events/open-source-search-bioinformatics
On Wed, Nov 11, 2015 at 12:07 AM, Susheel Kumar <susheel2...@gmail.com> wrote:
Thanks everyone for the suggestions.
Hi Noble - Were there any thoughts made on utilizing Apache ManifoldCF
while developing Authentication/Authorization plugins or anything to add
there.
Thanks,
Susheel
On Tue, Nov 10, 2015 at 5:01 AM, Alessandro Benedetti <abenede...@apache.org
wrote:
I've been working for a while with Apache ManifoldCF and Enterprise Search
in Solr ( with Document level security) .
Basically you can add a couple of extra fields , for example :
allow_token : containing all the tokens that can view the document
deny_token : containing all the tokens that are denied to view the document
Apache ManifoldCF provides an integration that add an additional layer, and
is able to combine different data sources permission schemes.
The Authority Service endpoint will take in input the user name and return
all the allow_token values and deny_token.
At this point you can append the related filter queries to your queries and
be sure that the user will only see what is supposed to see.
It's basically an extension of the strategy you were proposing, role based.
Of course keep protected your endpoints and avoid users to put custom fq,
or all your document security model would be useless :)
Cheers
On 9 November 2015 at 21:52, Scott Stults <
sstu...@opensourceconnections.com
wrote:
Susheel,
This is perfectly fine for simple use-cases and has the benefit that the
filterCache will help things stay nice and speedy. Apache ManifoldCF
goes a
bit further and ties back to your authentication and authorization
mechanism:
http://manifoldcf.apache.org/release/trunk/en_US/concepts.html#ManifoldCF+security+model
k/r,
Scott
On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar <susheel2...@gmail.com>
wrote:
Hi,
I have seen couple of use cases / need where we want to restrict result
of
search based on role of a user. For e.g.
- if user role is admin, any document from the search result will be
returned
- if user role is manager, only documents intended for managers will be
returned
- if user role is worker, only documents intended for workers will be
returned
Typical practise is to tag the documents with the roles (using a
multi-valued field) during indexing and then during search append
filter
query to restrict result based on roles.
Wondering if there is any other better way out there and if this common
requirement should be added as a Solr feature/plugin.
The current security plugins are more towards making Solr
apis/resources
secure not towards securing/controlling data during search.
https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins
Please share your thoughts.
Thanks,
Susheel
--
Scott Stults | Founder & Solutions Architect | OpenSource Connections,
LLC
| 434.409.2780
http://www.opensourceconnections.com
--
--------------------------
Benedetti Alessandro
Visiting card : http://about.me/alessandro_benedetti
"Tyger, tyger burning bright
In the forests of the night,
What immortal hand or eye
Could frame thy fearful symmetry?"
William Blake - Songs of Experience -1794 England
--
Charlie Hull
Flax - Open Source Enterprise Search
tel/fax: +44 (0)8700 118334
mobile: +44 (0)7767 825828
web: www.flax.co.uk
