lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Wiederkehr <>
Subject ACLs and Lucene
Date Mon, 30 May 2005 07:46:37 GMT
I am working on a Document Management System where every document has
an Access Control List attached to it. Obviously a search result
should only consist of documents that may be viewed by the currently
logged in user.

I can think of three strategies to accomplish this goal:

1) using Filter and FilteredQuery
2) filtering the search result
3) somehow storing the ACL elements as Lucene fields

But each approach has serious drawbacks.

The first one degrades rapidly as the number of documents increases.
Think of determining the viewability of 10,000 documents where you
need several SQL queries per document.

The second approach also degrades badly when a user has access to a
very small subset of all documents. There could be thousands of false
hits before the first viewable document is reached.

The third approach looks most promising to me but would require to
update Lucene documents whenever an ACL changes. Unfortunately it is
not possible to update Lucene documents without losing fields that are
indexed but not stored, right?

So my question is: is there another approach or a "standard solution"
I did not think of? Or how did others solve this problem?

Thanks in advance,


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message