Yes, the ownerUid will likely be assigned once and never changed. But you still need it, in order to keep track of who has contributed which document.

I've been going over some of the simpler query scenarios, and Solr is capable of handling them without having to resort to an external RDBMS. In order to limit documents to those which a given user owns, or those to which he has been granted access, the syntax fragment would be something like:

ownerUid:ab2734 or grantedUid:ab2734

where ab2734 is the uid for the user doing the query. However, I'm less comfortable with more complex query scenarios, particularly if the concept of groups is eventually introduced, which is likely in my scenario. In the latter case, it may be necessary to use an external RDBMS.

I'll plead ignorance of the 'ineluctable filter query' and will have to read up on that one.

With respect to updates to rights, they are not likely to be that frequent, but when they are, the entire document will have to be reindexed rather than simply updating the grantedUid and/or deniedUid fields. I don't believe Solr supports the updating of individual fields, at least not yet. This may be another reason to eventually go to an external RDBMS.

Thanks very much for your help!

Terence

-----Original Message-----
From: Michael Ludwig
Sent: May 13, 2009 05:27
To: solr-user@lucene.apache.org
Subject: Re: Selective Searches Based on User Identity

Terence Gannon wrote:

> Paul -- thanks for the reply, I appreciate it. That's a very
> practical approach, and is worth taking a closer look at. Actually,
> taking your idea one step further, perhaps three fields; 1) ownerUid
> (uid of the document's owner) 2) grantedUid (uid of users who have
> been granted access), and 3) deniedUid (uid of users specifically
> denied access to the document).

Grants might change quite a bit, the owner will likely remain the same. Wouldn't it be better to include only the owner in the document and store grants someplace else, like in an RDBMS or - if you don't want one - a lightweight embedded database like BDB? That way you could have your application tag an ineluctable filter query onto each and every user query, which would ensure to include only those documents in the results the owner of which has granted the user access.

Considering that I'm a Solr/Lucene newbie, this approach might have a disadvantage that escapes me, which is why other people haven't made this particular suggestion. If so, I'd be happy to learn why this isn't preferable.

Michael Ludwig
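
The mandatory filter query discussed in this thread, as an added example (not code from either poster or from Solr): an application layer attaches an fq built from the three fields to every search, taking the uid from the authenticated session. The function names, the parameter allowlist, and the rule that deniedUid overrides ownership and grants are assumptions.

```python
from urllib.parse import urlencode

# Field names come from the thread; everything else here is hypothetical.
OWNER, GRANTED, DENIED = "ownerUid", "grantedUid", "deniedUid"

# Only these caller-supplied parameters are forwarded to Solr. Anything
# else (including a caller's own fq) is dropped before the ACL is added.
ALLOWED_PARAMS = {"q", "start", "rows", "sort"}


def quote_term(value: str) -> str:
    """Return value as a quoted Lucene phrase with backslash and quote escaped."""
    if not value or any(ord(c) < 0x20 for c in value):
        raise ValueError("uid must be non-empty and free of control characters")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def acl_filter(uid: str) -> str:
    """Filter query limiting results to documents the uid may see.

    Assumption: an entry in deniedUid overrides ownership and grants.
    """
    u = quote_term(uid)
    return f"({OWNER}:{u} OR {GRANTED}:{u}) AND -{DENIED}:{u}"


def build_select_params(session_uid: str, user_params: dict) -> list:
    """Merge caller-supplied search parameters with the mandatory ACL filter.

    session_uid must come from the authenticated session, never the request.
    Solr intersects fq with q, so the caller's q cannot widen the result set.
    """
    params = [(k, v) for k, v in user_params.items() if k in ALLOWED_PARAMS]
    if not any(k == "q" for k, _ in params):
        params.insert(0, ("q", "*:*"))
    params.append(("fq", acl_filter(session_uid)))
    return params


if __name__ == "__main__":
    # Constructed request: the caller tries to supply its own fq.
    request = {"q": "title:budget", "fq": "ownerUid:*", "rows": "10"}
    print(urlencode(build_select_params("ab2734", request)))
```
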