https://wiki.apache.org/solr/SolrSecurity#Document_Level_Security <https://wiki.apache.org/solr/SolrSecurity#Document_Level_Security>
-- Jan Høydahl, search solution architect Cominvent AS - www.cominvent.com > 18. okt. 2016 kl. 23.00 skrev John Bickerstaff <j...@johnbickerstaff.com>: > > I have a question that I suspect I'll need to answer very soon in my > current position. > > How (or is it even wise) to "segregate data" in Solr so that some data can > be seen by some users and some data not be seen? > > Taking the case of "public / private" as a (hopefully) simple, binary > example... > > Let's imagine I have a data set that can be seen by a user. Some of that > data can be seen ONLY by the user (this would be the private data) and some > of it can be seen by others (assume the user gave permission for this in > some way) > > What is a best practice for handling this type of situation? I can see > putting metadata in Solr of course, but the instant I do that, I create the > obligation to keep it updated (Document-level CRUD?) and I start using Solr > more like a DB than a search engine. > > (Assume the user can change this public/private setting on any one piece of > "their" data at any time). > > Of course, I can also see some kind of post-results massaging of data to > remove private data based on ID's which are stored in a database or similar > datastore... > > How have others solved this and is there a consensus on whether to keep it > out of Solr, or how best to handle it in Solr? > > Are there clever implementations of "secondary" collections in Solr for > this purpose? > > Any advice / hard-won experience is greatly appreciated...
