lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bruce Ritchie" <>
Subject RE: ACLs and Lucene
Date Mon, 30 May 2005 15:26:19 GMT

> I am working on a Document Management System where every 
> document has an Access Control List attached to it. Obviously 
> a search result should only consist of documents that may be 
> viewed by the currently logged in user.
> I can think of three strategies to accomplish this goal:
> 1) using Filter and FilteredQuery
> 2) filtering the search result
> 3) somehow storing the ACL elements as Lucene fields
> But each approach has serious drawbacks.
> The first one degrades rapidly as the number of documents increases.
> Think of determining the viewability of 10,000 documents 
> where you need several SQL queries per document.
> The second approach also degrades badly when a user has 
> access to a very small subset of all documents. There could 
> be thousands of false hits before the first viewable document 
> is reached.
> The third approach looks most promising to me but would 
> require to update Lucene documents whenever an ACL changes. 
> Unfortunately it is not possible to update Lucene documents 
> without losing fields that are indexed but not stored, right?
> So my question is: is there another approach or a "standard solution"
> I did not think of? Or how did others solve this problem?

We took a combination of the first and the second approach in our applications. We filter
by content area that the user is allowed to view  and then filter the search results that
are retrieved. It's actually very fast for us because we don't have to load the document to
check the permissions - just query an API which caches all the permissions. SQL is only required
for loading the documents that are visible for any given result page (assumming that the document
isn't already loaded into cache).

The third approach was deemed unusable for the exact reason you outlined.


Bruce Ritchie

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message