Hi,

See SOLR-1872 for a way of providing access control, whilst placing the ACL configuration itself outside of Solr, which is generally a good idea.
http://www.lucidimagination.com/search/out?u=http://issues.apache.org/jira/browse/SOLR-1872

There are a number of ways to approach Access Control, but you will need to take a number of factors into account that aren't issues if you're doing non-acl Solr queries.
You can use this patch to achieve authentication and authorization, or use it as a template for similar techniques.

Peter

On Sat, Oct 23, 2010 at 9:03 AM, Paul Carey <paul.p.ca...@gmail.com> wrote:
> Hi
>
> My domain model is made of users that have access to projects which
> are composed of items. I'm hoping to use Solr and would like to make
> sure that searches only return results for items that users have
> access to.
>
> I've looked over some of the older posts on this mailing list about
> access control and saw a suggestion along the lines of
> acl:<user_id> AND (actual query).
>
> While this obviously works, there are a couple of niggles. Every item
> must have a list of valid user ids (typically less than 100 in my
> case). Every time a collaborator is added to or removed from a
> project, I need to update every item in that project. This will
> typically be fewer than 1000 items, so I guess is no big deal.
>
> I wondered if the following might be a reasonable alternative,
> assuming the number of projects to which a user has access is lower
> than a certain bound.
> (acl:<project_id> OR acl:<project_id> OR ... ) AND (actual query)
>
> When the numbers are small - e.g. each user has access to ~20 projects
> and each project has ~20 collaborators - is one approach preferable
> over another? And when outliers exist - e.g. a project with 2000
> collaborators, or a user with access to 2000 projects - is one
> approach more liable to fail than the other?
>
> Many thanks
>
> Paul
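
Added example, not part of the original thread or of the SOLR-1872 patch: one way to build the project-based filter from the question on the application side, sent as a separate `fq` parameter so that user-typed query text is never parsed as part of the ACL expression. Assumptions: the field is named `acl` as in the thread, the helper names are hypothetical, the project IDs are resolved server-side from the authenticated user, and the clause cap is Solr's default `maxBooleanClauses` of 1024.

```python
import re

# Assumption: default maxBooleanClauses from solrconfig.xml; change if yours differs.
MAX_BOOLEAN_CLAUSES = 1024

# Characters that carry meaning in the Lucene/Solr query syntax, plus whitespace.
_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/&|\s])')

# A filter that matches no documents, used when the user has no projects.
MATCH_NOTHING = "(*:* -*:*)"


def escape_term(value):
    """Backslash-escape query syntax so an ID is always read as one literal term."""
    return _SPECIAL.sub(r"\\\1", str(value))


def acl_filter(project_ids, field="acl"):
    """Build the (acl:<project_id> OR ...) restriction as an fq value."""
    # De-duplicate and sort so the same user always produces the same filter
    # string, which lets Solr reuse its cached filter for that string.
    ids = sorted({str(p) for p in project_ids})
    if not ids:
        # Fail closed: an empty ACL must never turn into "no filter at all".
        return MATCH_NOTHING
    if len(ids) > MAX_BOOLEAN_CLAUSES:
        # The outlier case from the thread (a user with ~2000 projects) lands
        # here; reject explicitly rather than truncating the list silently.
        raise ValueError(
            "%d projects exceed the boolean clause limit of %d"
            % (len(ids), MAX_BOOLEAN_CLAUSES)
        )
    return "%s:(%s)" % (field, " OR ".join(escape_term(i) for i in ids))


def search_params(user_query, project_ids):
    """Request parameters: the user's text goes in q, the ACL only in fq."""
    return {"q": user_query, "fq": acl_filter(project_ids)}


if __name__ == "__main__":
    # Constructed sample input.
    print(search_params("title:roadmap", ["p17", "p3", "p17"]))
```
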