Boolean expression lock strings (secBoolExpr DLS plugin)
|This feature is not available to users of the Squiz Experience Cloud version of Funnelback.|
secBoolExpr plugin may be used to determine a user’s access to a document when document level security is enabled. It is used when boolean style logic can be used to determine a user’s access when comparing the lock string with the user’s keys.
For example the lock string on a document could be
AUTHOR|EDITOR meaning that user would need to have either
EDITOR as values within their user keys. If the user had user keys
collection_name;AUTHOR,collection_name;VIEWER then that user would have access to the above document.
When evaluating an expression all values the user has are set to
true while all missing values are set to false, for the above example it would become
true|false which evaluates to
To enable the plugin set the following in
-lock_string_mod_mode=raw to the indexer options
For example in
secBoolExpr plugin supports the following logical operators ordered in lowest to highest precedence:
or: can be represented as
and: can be represented as
not: can be represented as
(): can be represented as
|Word operators are case sensitive and are must be expressed in upper case.|
Operator types can be mixed in a single lock string, the follow are a valid lock strings for this plugin:
a OR b | c , d
a AND b . c & d
Values are case sensitive non-zero ASCII strings consisting of the following characters:
_ and must not be any operator including
Values must not be the lowercase or any mixed case form of an operator. For example, values should not be
Values may contain operators within them e.g.
NOT_A, that will be processed like any other value.
Documents with missing, empty or zero length boolean expression will be treated as a lock string that does not permit access by any user.
A single lock string is supported per document. Documents which have multiple lock strings will cause an undefined behavior.