Hello,
> With all do respect, I really think the problem is largely
underestimated here, and is far more complex then these
suggestions...unless we are talking about 100.000 documents, couple of
users, and updating ones a day. If you want millions of documents,
facetted authorized navigation including counting and every second a new
indexed document which should be reflected in the result instantly and
changing authorisations....the problem isn't relatively easy to solve
anymore :-)
When I had those kind of problems (less complex) with lucene, the only
idea was to filter from the front-end, according to the ACL policy.
Lucene docs and fields weren't protected, but tagged. Searching was
always applied with a field "audience", with hierarchical values like
"public, reserved, protected, secret", so that a "public" document has
the "secret" value also, to be found with a "audience:secret", according
to the rights of the user who searchs. For the fields, the not allowed
ones for some users where striped.
May be you can have a look to the xmldb Exist ? The search engine,
xquery based, is not focused on the same goals as lucene, but I can
promise you that all queries will never return results from documents
you are not allowed to read.
--
Frédéric Glorieux
École nationale des chartes
direction des nouvelles technologies et de l'informatique
