Solr filters already provide a restricted review of results, so the code that calls Solr can choose the appropriate handler for each class of users. Make sure that end users cannot directly access the Solr server, or at least not the search URL (/solr/select).
Building authentication and authorization and roles and data access controls into Solr would be possible, but a big job. Your front end code already has that, right? Add a role or access class to each indexed item, then use that in the queries, probably in a filter specified in a request handler. That keeps the definition of the filter within Solr. For example, you can create a request handler named "admin", a field named "role", and add a filter of "role:admin". wunder On 1/25/08 6:24 AM, "Karen Loughran" <[EMAIL PROTECTED]> wrote: > > Hi all, > > Is there any interest/activity for SOLR to provide a restricted view of an > index, making only certain fields available/public, depending on the identity > of the requesting client ? Certain information in our index is confidential > and should only be accessible to certain individuals/groups, > > Thanks > Karen
