Translucent document level security
|This feature is not available in the Squiz DXP.|
Translucent DLS (document level security) provides a document security model which promotes discovery of documents. Unlike pure document level security which provides a tight security model, translucent DLS allows users to discover documents they are not permitted to see which relate to their query. As translucent DLS reveals some information it should only be used when all authorised users are trusted.
Once enabled by default documents which match the users query that can not be viewed by the user will be returned in the result in the usual ranking order with all revealing information removed. This includes not showing the document title, query biased summary and document links.
Typically when Translucent DLS is used the search user needs a way of requesting access to a document they can not see. To achieve this metadata fields can be marked as translucent in query processor options. For example to reveal the
owner metadata of the document set:
-SM=both are both set then for documents which the user could not see the metadata
owner would be shown. For documents the user can see, both metadata
owner would be shown.
Collapsing can be used when translucent DLS is activated. Documents which the user can not see can only be collapsed if the collapsing signature contains only fields set in
-translucent_DLS_fields=. If the signature contains other fields, including special fields such as
$, then only documents which the user can see will be collapsed.
Result metadata counts
-rmcf often used for facets will work when translucent DLS is activated. Documents which are not visible will not have their metadata counted thus counts include only documents the user can see. In future releases this behaviour is expected to change so that non visible documents have the metadata fields which is the intersect of