lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Susheel Kumar <susheel2...@gmail.com>
Subject Re: Solr Search: Access Control / Role based security
Date Tue, 10 Nov 2015 18:37:02 GMT
Thanks everyone for the suggestions.

Hi Noble - Were there any thoughts made on utilizing Apache ManifoldCF
while developing Authentication/Authorization plugins or anything to add
there.

Thanks,
Susheel

On Tue, Nov 10, 2015 at 5:01 AM, Alessandro Benedetti <abenedetti@apache.org
> wrote:

> I've been working for a while with Apache ManifoldCF and Enterprise Search
> in Solr ( with Document level security) .
> Basically you can add a couple of extra fields , for example :
>
> allow_token : containing all the tokens that can view the document
> deny_token : containing all the tokens that are denied to view the document
>
> Apache ManifoldCF provides an integration that add an additional layer, and
> is able to combine different data sources permission schemes.
> The Authority Service endpoint will take in input the user name and return
> all the allow_token values and deny_token.
> At this point you can append the related filter queries to your queries and
> be sure that the user will only see what is supposed to see.
>
> It's basically an extension of the strategy you were proposing, role based.
> Of course keep protected your endpoints and avoid users to put custom fq,
> or all your document security model would be useless :)
>
> Cheers
>
>
> On 9 November 2015 at 21:52, Scott Stults <
> sstults@opensourceconnections.com
> > wrote:
>
> > Susheel,
> >
> > This is perfectly fine for simple use-cases and has the benefit that the
> > filterCache will help things stay nice and speedy. Apache ManifoldCF
> goes a
> > bit further and ties back to your authentication and authorization
> > mechanism:
> >
> >
> >
> http://manifoldcf.apache.org/release/trunk/en_US/concepts.html#ManifoldCF+security+model
> >
> >
> > k/r,
> > Scott
> >
> > On Thu, Nov 5, 2015 at 2:26 PM, Susheel Kumar <susheel2777@gmail.com>
> > wrote:
> >
> > > Hi,
> > >
> > > I have seen couple of use cases / need where we want to restrict result
> > of
> > > search based on role of a user.  For e.g.
> > >
> > > - if user role is admin, any document from the search result will be
> > > returned
> > > - if user role is manager, only documents intended for managers will be
> > > returned
> > > - if user role is worker, only documents intended for workers will be
> > > returned
> > >
> > > Typical practise is to tag the documents with the roles (using a
> > > multi-valued field) during indexing and then during search append
> filter
> > > query to restrict result based on roles.
> > >
> > > Wondering if there is any other better way out there and if this common
> > > requirement should be added as a Solr feature/plugin.
> > >
> > > The current security plugins are more towards making Solr
> apis/resources
> > > secure not towards securing/controlling data during search.
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/solr/Authentication+and+Authorization+Plugins
> > >
> > >
> > > Please share your thoughts.
> > >
> > > Thanks,
> > > Susheel
> > >
> >
> >
> >
> > --
> > Scott Stults | Founder & Solutions Architect | OpenSource Connections,
> LLC
> > | 434.409.2780
> > http://www.opensourceconnections.com
> >
>
>
>
> --
> --------------------------
>
> Benedetti Alessandro
> Visiting card : http://about.me/alessandro_benedetti
>
> "Tyger, tyger burning bright
> In the forests of the night,
> What immortal hand or eye
> Could frame thy fearful symmetry?"
>
> William Blake - Songs of Experience -1794 England
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message