Yonik, your reply was incredibly helpful. Thank you very much!
The "join" approach to document security you explained is somewhat
similar to what I called "Option 2" (ACL PostFilter) since permissions
are stored in each document, but it's much simpler in that I'm not
required to write, compile, an
Depending on requirements, another option for simple security is to
store the security info in the index and utilize a join. This really
only works when you have a single shard since joins aren't
distributed.
# the documents, with permissions
id:doc1, perms:public,...
id:doc2, perms:group1 group2
