Graph Security Trimming Stage
The Graph Security Trimming stage restricts query results according to the user ID as an alternative to Security Trimming Stage. Whereas the Security Trimming stage has one Solr filter query per data source, Graph Security Trimming uses a single filter query for all data sources.
Field |
Value |
ACL solr collection |
contentCollection
|
User ID source |
query_param or header
|
User ID key |
The key that contains the User ID |
Join method |
topLevelDV
|
Join Field |
_lw_acl_ss
|
|
When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.
|
Graph security trimming stage is an alternative to the general "Security Trimming Stage". Unlike the general filter, the Graph security trimming stage performs all of the security trimming within a single filter query. You should always prefer this filter over the general Security Trimming filter when you are not trimming legacy data sources. If you have the _lw_acl_ss acl field present on all of your trimmed content documents, you should be using this filter.
skip - boolean
Set to true to skip this stage.
Default: false
label - string
A unique label for this stage.
<= 255 characters
condition - string
Define a conditional script that must result in true or false. This can be used to determine if the stage should process or not.
aclSolrCollection - stringrequired
This is the Solr collection that contains the User and Group ACLs. This collection is populated by connectors for the Users and Groups found while crawling the datasource, namely the LDAP connector
userIdentitySource - stringrequired
Specify whether the value comes from an http header or query parameter. Must be either query_param or header.
Default: query_param
userIdentityKey - stringrequired
The value of the header or query parameter that contains the User ID. E.g. username, userID, etc.
Default: username
joinField - stringrequired
The field to use to match acls to content. Should be set to "id" if ACLs are in a separate collection than content collection. If your acls are stored in the content collection, use "_lw_acl_ss".
Default: id
excludeDatasources - string
Comma separated datasource IDs - security trimming will not be performed on documents from these data sources and therefore they will be public.
includeDatasources - string
Comma separated datasource IDs - security trimming will be performed only on documents from these data sources. Other datasources will be public.
joinMethod - string
The Solr join query method parameter. Can be index, crossCollection, dvWithScore, or topLevelDV.
Default: crossCollection
treatExternalContentAsPublic - boolean
If a content document does not have a _lw_data_source_s field, treat it as public.