Date: Mon, 30 May 2005 09:46:37 +0200
From: Markus Wiederkehr
To: Lucene users
Subject: ACLs and Lucene

I am working on a Document Management System where every document has an Access Control List attached to it. Obviously a search result should only consist of documents that may be viewed by the currently logged-in user.

I can think of three strategies to accomplish this goal:

1) using Filter and FilteredQuery
2) filtering the search result
3) somehow storing the ACL elements as Lucene fields

But each approach has serious drawbacks.

The first one degrades rapidly as the number of documents increases. Think of determining the viewability of 10,000 documents where you need several SQL queries per document.

The second approach also degrades badly when a user has access to a very small subset of all documents. There could be thousands of false hits before the first viewable document is reached.

The third approach looks most promising to me but would require updating Lucene documents whenever an ACL changes. Unfortunately it is not possible to update Lucene documents without losing fields that are indexed but not stored, right?

So my question is: is there another approach or a "standard solution" I did not think of? Or how did others solve this problem?

Thanks in advance,

Markus
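
Added example, not part of the original message and not Lucene code: a small in-memory inverted index that contrasts strategy 2 (post-filtering hits) with strategy 3 (ACL entries indexed as terms and intersected at query time), including the re-index that an ACL change forces. `TinyIndex`, `post_filter_search`, `build_demo` and the principal strings such as `user:alice` are hypothetical names chosen for illustration.

```python
from collections import defaultdict

class TinyIndex:
    """Constructed in-memory inverted index standing in for a Lucene index."""
    def __init__(self):
        self.postings = defaultdict(set)  # (field, term) -> set of doc ids
        self.source = {}                  # doc id -> (text, acl), needed to re-index

    def add(self, doc_id, text, acl):
        self.delete(doc_id)
        self.source[doc_id] = (text, frozenset(acl))
        for word in text.lower().split():
            self.postings[("body", word)].add(doc_id)
        for principal in acl:
            self.postings[("acl", principal)].add(doc_id)

    def delete(self, doc_id):
        if self.source.pop(doc_id, None) is not None:
            for ids in self.postings.values():
                ids.discard(doc_id)

    def set_acl(self, doc_id, acl):
        # Strategy 3's cost: an ACL change re-adds the whole document from its source text.
        text, _ = self.source[doc_id]
        self.add(doc_id, text, acl)

    def search(self, word, principals):
        """Strategy 3: body term AND (any ACL term the caller holds)."""
        allowed = set()
        for p in principals:  # no principals -> no hits (fails closed)
            allowed |= self.postings.get(("acl", p), set())
        return sorted(self.postings.get(("body", word.lower()), set()) & allowed)

def post_filter_search(index, word, can_view):
    """Strategy 2: unrestricted query, then one ACL check per hit."""
    checks, hits = 0, []
    for doc_id in sorted(index.postings.get(("body", word.lower()), set())):
        checks += 1
        if can_view(doc_id):
            hits.append(doc_id)
    return hits, checks

def build_demo():
    """Constructed data: 1000 finance-only docs, one also visible to alice."""
    idx = TinyIndex()
    for i in range(1000):
        idx.add(i, "quarterly report draft", {"group:finance"})
    idx.add(1000, "quarterly report final", {"user:alice", "group:finance"})
    return idx
```

With the constructed data, the post-filter path performs 1001 per-document checks to return one hit, while the indexed-ACL path returns the same hit with no per-document check but must re-add the document when its ACL changes.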