Access Control Lists (ACLs)
For each document, two ACL fields are populated. The data in these fields can be used at search time to filter the results so that only people that have been granted access at the share level, at the user level, or through group membership can see them.-
acl_shareThis field honors the DFS share access restrictions. This means that if everyone has access to a folder inside a share, but only a small group has access to the share itself, then all users can access the folder. -
aclFor each document, theaclfield is populated with data that can be used at search time to filter the results so that only people that have been granted access at the user level or through group membership can see them. Two kinds of tokens are stored: Allow and Deny. The format used is as follows:WhereSIDis the security identifier commonly used in Microsoft Windows systems. There are some well known SIDs that can be used in theaclfield to make documents that are crawled through some other mechanism than by using SMB data source behave, from theacl pow, the same way as the crawled SMB content: