Return-Path: X-Original-To: apmail-manifoldcf-dev-archive@www.apache.org Delivered-To: apmail-manifoldcf-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D843B183A6 for ; Wed, 16 Sep 2015 18:53:39 +0000 (UTC) Received: (qmail 80174 invoked by uid 500); 16 Sep 2015 18:53:39 -0000 Delivered-To: apmail-manifoldcf-dev-archive@manifoldcf.apache.org Received: (qmail 80122 invoked by uid 500); 16 Sep 2015 18:53:39 -0000 Mailing-List: contact dev-help@manifoldcf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@manifoldcf.apache.org Delivered-To: mailing list dev@manifoldcf.apache.org Received: (qmail 80110 invoked by uid 99); 16 Sep 2015 18:53:39 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Sep 2015 18:53:39 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id CB50E180332 for ; Wed, 16 Sep 2015 18:53:38 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.901 X-Spam-Level: ** X-Spam-Status: No, score=2.901 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id xRzYhCTPvjeY for ; Wed, 16 Sep 2015 18:53:25 +0000 (UTC) Received: from mail-io0-f176.google.com (mail-io0-f176.google.com [209.85.223.176]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 1D112207EE for ; Wed, 16 Sep 2015 18:53:25 +0000 (UTC) Received: by iofh134 with SMTP id h134so239580385iof.0 for ; Wed, 16 Sep 2015 11:53:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=HydbUBJOtTbbGigaHKP3fcUrMPSlNonzyRMLszYykHM=; b=qchV2sBqEgBJo4ZDpQopfdmrhyTh1hBHKenuAhKI4z7KP7etyt+JFDfAPMUt1uEXxF K9ip0pNVApuD+lNppzabLGLaVCKxbameu+wDW7Uszggd/KvI7BDiauSSjySIvfxECiD5 z5YJBGTAnr735xPZnTY940mowEvtGaoFYFWV2DD/TRS5Jk2Xo5fa5GSe1hOGl8Sawx00 nNqzn4b13r3vyB/JcpXCL3ubzeogY6TWbnP6w5NpNa0urE1CtuFg63fx+ZaEDMQtL0wS AusOmLAuRTonUEWhFv2KzEPqX8XPWnfTuFJm3FTqjmVnlUFSavTRDd5h0pFIE1lHiqpL zPyg== MIME-Version: 1.0 X-Received: by 10.107.10.91 with SMTP id u88mr44936511ioi.136.1442429604469; Wed, 16 Sep 2015 11:53:24 -0700 (PDT) Received: by 10.107.181.19 with HTTP; Wed, 16 Sep 2015 11:53:24 -0700 (PDT) In-Reply-To: References: Date: Wed, 16 Sep 2015 14:53:24 -0400 Message-ID: Subject: Re: What is the proper way to filter documents based on tokens? From: Karl Wright To: dev Content-Type: multipart/alternative; boundary=001a113f8b4a304292051fe1d099 --001a113f8b4a304292051fe1d099 Content-Type: text/plain; charset=UTF-8 Hi Naveen, There are three independent levels of acls in Active Directory: share, folder, and document. All three have to be considered in order to determine if a document is visible to a user. So you want (in share_acl and NOT in share_deny_acl) AND (in folder_acl and NOT in folder_deny_acl) AND (in doc_acl and NOT in doc_deny_acl) . Karl On Wed, Sep 16, 2015 at 2:14 PM, Naveen.A.N wrote: > I am not sure what is the proper way to filter the documents using ACL > tokens in Active Directory. > The document contains document allow tokens and document deny tokens. also, > I have the user tokens. Do we need to filter like "user tokens which are in > document allow and not in document deny" is that correct way of doing > filtering document for a user? > -- > Thanks and Regards, > Naveen A.N > Lead Software Developer > SearchBlox Software, Inc. > www.searchblox.com > Ph: +91 9445389179 > --001a113f8b4a304292051fe1d099--