On Tue, Nov 23, 2010 at 5:26 AM, Peter Sturge <peter.stu...@gmail.com> wrote: > Document-level access control can be a real 'can of worms', and it can > be worthwhile spending a bit of time defining exactly what you need.
I agree, "document-level access control" is an anti-feature. You can't just give someone access to a subset of documents, yet still give them access to a huge amount of statistics about documents they don't have access to (e.g. ranking based on IDF, spellchecker, autosuggest, ...), especially since text tends to follow certain nice statistical properties. You must give someone access to an entire inverted index, or no access to an inverted index at all. Otherwise they can use information from documents they do have access to, to start reconstructing documents they don't.
