Thank you much for your responses guys. I do not have ACL. I need to make a web service call to find out if a user has access to a document. I was hoping to get search results, call the web service with the IDs from the search results telling me what IDs the user has access to, and then filter others before returning back to the user. ACL and role based fq is definitely some food for thought. I will need to figure out the synchronization issues.
Thanks Aseem On Fri, Nov 20, 2009 at 8:04 AM, Glock, Thomas <thomas.gl...@pfizer.com> wrote: > Hi Aseem - > > I had a similar challenge. The solution that works for my case was to > add "role" as a repeating string value in the solr schema. > > Each piece of content contains 1 or more roles and these values are > supplied to solr for indexing. > > Users also have one or more roles (which correspond exactly to the > metadata placed on content and supplied to Solr.) > > So when peforming the search query, we add add an fq parameter to filter > search results. For example q=Search Phrase&fq=role:(role1 || role2 || > role3) > > Note that ultimate restriction to content is handled elsewhere, this is > only done as a filtering mechanism for search results. Additionally, we > do not have unlimited sets of roles and that helps to keep the query > string on the HTTP GET to a minimum. Finally, the roles for my system > are additive such that if there is a match on any one role - the user > has access - so an OR clause works. Your system may have more complex > role rules. > > -----Original Message----- > From: aseem cheema [mailto:aseemche...@gmail.com] > Sent: Thursday, November 19, 2009 5:00 PM > To: solr-user@lucene.apache.org > Subject: Filtering query results > > Hey Guys, > I need to filter out some results based on who is performing the search. > In other words, if a document is not accessible to a user performing > search, I don't want it to be in the result set. What is the > best/easiest way to do this reliable/securely in Solr? > Thanks > -- > Aseem > -- Aseem
