Our team currently uses Solr as the backend for our search solution and we are currently looking into adding some security constraints to it. We are currently looking into different levels of security which may encompass:
1) Dataset/core level security: the whole index is blocked from access for unauthorised users.
2) Field level security: certain fields are blocked from access.
3) Document level security: certain documents are blocked from access.
So far my research has shown that most people have implemented URL path based security for Solr, but no one seems to have any experience with finer grained security as outlined above. Our current use case is in the spend analysis market, where access to datasets needs to be tightly controlled at differing levels of granularity.
Based on what we have found so far, our questions are:
1) Is it possible to extend Solr so that it handles these differing levels of security transparently? Or should we be looking at controlling all of this within our search application? 2) Are there any extensions or packages out there that already do anything similar?
Thanks in advance for the help!