I would do the field visibility one layer up from the search engine. That layer already knows about the user and can request the appropriate fields. Or request them all (better HTTP caching) and only show the appropriate ones.
As I understand your application, putting access control in Solr doesn't make search faster or more accurate. Add a filter query to requests to restrict to the allowed documents, and you are good. I wouldn't worry too much about putting all the text in one field for speed. I tried that and it does help, but it means that you must rebuild the index when you need to change the mapping. I'm keeping things in separate fields and searching them all at query time (with boosts). wunder On 9/18/08 8:04 AM, "Ryan McKinley" <[EMAIL PROTECTED]> wrote: > > On Sep 18, 2008, at 3:23 AM, Geoff Hopson wrote: > >> As per other thread >> >> 1) security down to field level >> > > how complex of a security model do you need? > > Is each users field visibility totally distinct? are there a few > basic groups? > > If you are willing to write (or hire someone to write) a custom > SearchComponent, you can remove fields from a response for a given > users. > > ryan
