Translucent document level security
This feature is not available in the Squiz DXP.
Translucent DLS (document level security) provides a document security model which promotes discovery of documents. Unlike pure document level security, which provides a tight security model, translucent DLS allows users to discover documents that relate to their query but which they are not permitted to see. As translucent DLS reveals some information, it should only be used when all authorised users are trusted.
Setup
Translucent DLS can only be enabled on collections which have DLS. To enable translucent DLS, set the following in the query processor options:
-translucent_DLS=on
Once enabled, by default, documents which match the user's query but cannot be viewed by the user will be returned in the results in the usual ranking order with all revealing information removed. This includes not showing the document title, query biased summary and document links.
Translucent metadata
Typically, when translucent DLS is used, the search user needs a way of requesting access to a document they cannot see. To achieve this, metadata fields can be marked as translucent in the query processor options. For example, to reveal the owner metadata of the document, set:
-translucent_DLS_fields=[owner]
Displaying translucent metadata
If -SF=[owner,author] and -SM=both are both set, then for documents which the user cannot see, the owner metadata would be shown. For documents the user can see, both the author and owner metadata would be shown.
Collapsing with translucent DLS
Collapsing can be used when translucent DLS is activated. Documents which the user cannot see can only be collapsed if the collapsing signature contains only fields set in -translucent_DLS_fields=. If the signature contains other fields, including special fields such as $, then only documents which the user can see will be collapsed.
Result metadata counts
Result metadata counts (-rmcf), often used for facets, will work when translucent DLS is activated. Documents which are not visible will not have their metadata counted, so counts include only documents the user can see. In future releases this behaviour is expected to change so that non-visible documents have counted the metadata fields which are in the intersection of -rmcf and -translucent_DLS_fields.
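The display, collapsing and count rules described above can be reviewed with a small model before enabling the feature. This is an added example, not Funnelback code or its response format: the result dictionaries, the visible flag, the function names, and the rule that a translucent field must also be listed in -SF to be shown are assumptions made for illustration.

```python
"""Simplified model of the translucent DLS exposure rules (illustrative only)."""

def parse_fields(option):
    """Parse a '-name=[a,b]' query processor option into a set of field names."""
    value = option.split("=", 1)[1].strip()
    return {f.strip() for f in value.strip("[]").split(",") if f.strip()}

def render(result, sf, translucent):
    """Return what the user is shown for one result."""
    if result["visible"]:
        meta = {k: v for k, v in result["metadata"].items() if k in sf}
        return {"title": result["title"], "summary": result["summary"],
                "link": result["link"], "metadata": meta}
    # Hidden document: title, summary and link are removed. Assumption: only
    # fields both requested in -SF and marked translucent are revealed.
    allowed = sf & translucent
    meta = {k: v for k, v in result["metadata"].items() if k in allowed}
    return {"title": None, "summary": None, "link": None, "metadata": meta}

def hidden_docs_collapsible(signature_fields, translucent):
    """Hidden documents collapse only if every signature field is translucent."""
    return set(signature_fields) <= translucent

def metadata_counts(results, field):
    """Current behaviour: only documents the user can see are counted."""
    counts = {}
    for r in results:
        if r["visible"] and field in r["metadata"]:
            value = r["metadata"][field]
            counts[value] = counts.get(value, 0) + 1
    return counts

# Constructed sample data; 'visible' stands for the outcome of the DLS check.
SF = parse_fields("-SF=[owner,author]")
TRANSLUCENT = parse_fields("-translucent_DLS_fields=[owner]")
RESULTS = [
    {"visible": True, "title": "Leave policy", "summary": "...", "link": "/hr/leave",
     "metadata": {"owner": "hr-team", "author": "a.lee"}},
    {"visible": False, "title": "Salary review", "summary": "...", "link": "/hr/pay",
     "metadata": {"owner": "hr-team", "author": "b.ng"}},
]

if __name__ == "__main__":
    for r in RESULTS:
        print(render(r, SF, TRANSLUCENT))
    print(hidden_docs_collapsible(["owner", "author"], TRANSLUCENT))
    print(metadata_counts(RESULTS, "owner"))
```

Running the model over a representative result set shows exactly which values an unauthorised user would receive for each field added to -translucent_DLS_fields.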