Waiting for Constellio V2.0, we thought you may be interested in seeing how to activate early binding in Constellio 1.3
As a reminder, there are two ways to manage security for documents search: early binding and late binding. By security management, we mean the fact that an authorised user in a search engine is allowed to see as an answer to a search request, only the results he is actually allowed to see.
Early binding is the recommended way as it provides the fastest answer time. It consists in storing as part of the index the ACL (Access Control List) of the indexed documents, as an additional field of the Lucene index. Thus, when someone does a search, his username is appended to the search query, and there is a field filtering based on his username. The pros is that it only impacts the search time by the time it takes to filter on a field (which means a very small overhead). The con is that the documents ACLs are only synchronised when the documents are recrawled and reindexed. So if you plan a crawl everynight, your indexed ACLs will only be updated every night, hence generating a potential one day discrepancy. Still, this is the recommended way for standard scenarios, as most enterprise needs don’t require a to-the-minute update of the ACLs of files. Continue reading →