I'm new to Solr and I'm looking for a document level security filter solution. Anonymous users searching my application should be able to find public data. Logged in users should be able to find public data and private data they have access to.
Earlier today I wrote about shards as a possible solution. I got a great reply from Shalin Shekhar Mangar of LucidWorks explaining how to achieve something technical but I'd like to back up a minute and consider other solutions. For one thing, I'm concerned about the potential misuse of shards. Judging from this wiki page, shards seem to be used primarily for scalability rather than security (access control): "When an index becomes too large to fit on a single system..." - https://cwiki.apache.org/confluence/display/solr/Distributed+Search+with+Index+Sharding For consistency with longer writeup of mine on this topic[1], I'm going to refer to the sharding solution as Option 4. Here's the full list of options I'm aware of for document level security filtering: 1. Manifold CF (Connector Framework) http://manifoldcf.apache.org 2. ACL PostFilter (ACLs in each document) Specifically, I mean this wonderful writeup by Erik Hatcher from LucidWorks: http://java.dzone.com/articles/custom-security-filtering-solr 3. Pass a (often long) list of IDs in query Representative question: http://lucene.472066.n3.nabble.com/Solr-large-boolean-filter-td4070747.html 4. Sharding (public shard, private shards per user) My post from earlier today: http://lucene.472066.n3.nabble.com/creating-shards-on-the-fly-in-a-single-Solr-instance-quot-shards-quot-query-parameter-td4126909.html I'm happy to hear opinions on any of these solutions or others I haven't even considered! Thanks! Phil 1. My longer writeup of this topic: https://trello.com/c/5z5PpR4r/50-design-solr-document-level-security-filter-solution -- Philip Durbin Software Developer for http://thedata.org http://www.iq.harvard.edu/people/philip-durbin
