A good search platform provides easy, quick, universal access to business information while ensuring users can only see and access content for which they have the necessary read authorization. Ensuring confidentiality in the context of enterprise search means that the search solution doesn’t seek to replace or even alter the existing security policies.
In addition, an enterprise search solution should accommodate an organization’s tolerance for latency in permissions changes. During the process of generating results, a secure search engine needs to match the authenticated user’s access rights with the retrieved documents’ access rights (defined in Access Control Lists, or ACLs).
To determine a user’s read rights for a particular resource when executing a search query, there are two basic options, each with a different impact on latency:
- Real-Time ACL Checking (sometimes referred to as “unmapped security” or “post-query filtering”): the search platform checks the ACL at query time for each individual search result returned by a query.
- ACL Indexing (also known as “mapped security” or “ACL mapping”): at indexing time, information regarding the users and their rights is appended as metadata to the index entry for a document. Consequently, at query time, the search platform simply checks the metadata attached to each index entry rather than checking with the source application’s ACL.
Because Real-Time ACL Checking is hard to manage and puts a heavy load on the server and incumbent systems, Exalead recommends ACL Indexing as a standard approach. It is the fastest, most scalable option. It also offers a very high level of granularity.
However, there is latency in permissions changes with ACL Indexing, which may be unacceptable in certain contexts. Therefore, exalead one:enterprise can optionally combine the two ACL checking methods to optimize performance while ensuring a responsive approach to changes in security access rights.
To learn more about how security works in the context of enterprise search, and about Exalead’s approach to security, you can request a copy of our white paper “Secure Search Solution” by emailing us at firstname.lastname@example.org.