> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Graph Security Trimming

> Query pipeline stage configuration specifications

export const schema = {
  "type": "object",
  "title": "Graph Security Trimming",
  "description": "Graph security trimming stage is an alternative to the general \"Security Trimming Stage\". Unlike the general filter, the Graph security trimming stage performs all of the security trimming within a single filter query. You should always prefer this filter over the general Security Trimming filter when you are not trimming legacy data sources. If you have the _lw_acl_ss acl field present on all of your trimmed content documents, you should be using this filter.",
  "required": ["userIdentitySource", "userIdentityKey"],
  "properties": {
    "skip": {
      "type": "boolean",
      "title": "Skip This Stage",
      "description": "Set to true to skip this stage.",
      "default": false,
      "hints": ["advanced"]
    },
    "label": {
      "type": "string",
      "title": "Label",
      "description": "A unique label for this stage.",
      "hints": ["advanced"],
      "maxLength": 255
    },
    "condition": {
      "type": "string",
      "title": "Condition",
      "description": "Define a conditional script that must result in true or false. This can be used to determine if the stage should process or not.",
      "hints": ["code", "code/javascript", "advanced"]
    },
    "legacy": {
      "type": "boolean",
      "title": "Legacy",
      "description": "True if this stage only supports legacy mode",
      "hints": ["readonly", "hidden"]
    },
    "aclSolrCollection": {
      "type": "string",
      "title": "ACL solr collection",
      "description": "This is the Solr collection that contains the User and Group ACLs. It is typically the same as the content collection.",
      "hints": ["advanced", "hidden"]
    },
    "userIdentitySource": {
      "type": "string",
      "title": "User ID source",
      "description": "Specify whether the value comes from an http header or query parameter. Must be either query_param or header.",
      "default": "query_param"
    },
    "userIdentityKey": {
      "type": "string",
      "title": "User ID key",
      "description": "The value of the header or query parameter that contains the User ID. E.g. username, userID, etc.",
      "default": "username"
    },
    "joinField": {
      "type": "string",
      "title": "Join Field",
      "description": "The field to use to match acls to content. Should be set to \"id\" if ACLs are in a separate collection than content collection. If your acls are stored in the content collection, use \"_lw_acl_ss\".",
      "default": "_lw_acl_ss",
      "hints": ["hidden"]
    },
    "excludeDatasources": {
      "type": "string",
      "title": "Exclude Data Source ID(s)",
      "description": "Comma separated datasource IDs - security trimming will not be performed on documents from these data sources and therefore they will be public."
    },
    "includeDatasources": {
      "type": "string",
      "title": "Inclusive Data Source ID(s)",
      "description": "Comma separated datasource IDs - security trimming will be performed only on documents from these data sources. Other datasources will be public."
    },
    "joinMethod": {
      "type": "string",
      "title": "Join method",
      "description": "The Solr join query method parameter. Can be index or topLevelDV.",
      "default": "topLevelDV",
      "hints": ["advanced", "hidden"]
    },
    "treatExternalContentAsPublic": {
      "type": "boolean",
      "title": "Treat external content as public",
      "description": "If a content document does not have a _lw_data_source_s field, treat it as public."
    }
  },
  "category": "Set Up",
  "categoryPriority": 8,
  "unsafe": false
};

export const SchemaParamFields = ({schema}) => {
  const sanitize = str => {
    if (typeof str !== "string") return str;
    return str.replace(/^"(.*)"$/s, "$1").replace(/\\/g, "").replace(/"/g, "'");
  };
  const formatDescription = str => {
    const s = sanitize(str);
    return (/[.!?]\)*$/).test(s) ? s : `${s}.`;
  };
  const {description, properties = {}, required: requiredProps = []} = schema;
  const visibleProps = useMemo(() => Object.entries(properties).filter(([, prop]) => !prop.hints?.includes("hidden")), [properties]);
  return <div>
      {description && <p>{formatDescription(description)}</p>}

      {visibleProps.map(([name, prop]) => {
    const isRequired = requiredProps.includes(name);
    const hasDefault = prop.default !== undefined;
    const rawDefault = prop.default;
    const isComplexDefault = hasDefault && (typeof rawDefault === "object" || typeof rawDefault === "string" && (rawDefault.length > 20 || rawDefault.includes('"')));
    const fieldProps = {
      key: name,
      body: prop.title || name,
      type: prop.type,
      ...prop.title && ({
        post: [<><span className="text-stone-400 dark:text-stone-500">API property: </span>{name}</>]
      }),
      ...isRequired && ({
        required: true
      }),
      ...!isComplexDefault && hasDefault ? {
        default: sanitize(String(rawDefault))
      } : {}
    };
    const isObject = prop.type === "object" && prop.properties;
    const isArrayOfObjects = prop.type === "array" && prop.items?.type === "object" && prop.items.properties;
    return <ParamField {...fieldProps}>
            {prop.description && <p>{formatDescription(prop.description)}</p>}

            {isComplexDefault && <div className="flex">
                <p>
                  <strong>Default:</strong>
                </p>
                <pre className="!my-0">
                  <code>
                    {JSON.stringify(rawDefault, null, 2)}
                  </code>
                </pre>
              </div>}

            {isArrayOfObjects && <div className="flex">
              <p>
                <strong>Object attributes:</strong>
              </p>
              <pre className="!my-0">
                <code>
                  {'{\n'}
                  {Object.entries(prop.items.properties).map(([iname, iprop]) => <>
                      {`  ${iname}`}
                      {prop.items?.required?.includes(iname) && <span style={{
      color: 'red'
    }}> required</span>}
                      {`: {\n    display name: ${sanitize(iprop.title || '')}\n    type: ${iprop.type}\n  }\n`}
                    </>)}
                  {'}'}
                </code>
              </pre>
              </div>}

            {isObject && <Expandable title="properties">
                <SchemaParamFields schema={{
      properties: prop.properties,
      required: prop.required
    }} />
              </Expandable>}
          </ParamField>;
  })}
    </div>;
};

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[localhost link]: http://localhost:3000/docs/lucidworks-search/09-developer-documentation/config-specs/query-pipeline-stages/graph-security-trimming

[mintlify link]: https://doc.lucidworks.com/docs/lucidworks-search/09-developer-documentation/config-specs/query-pipeline-stages/graph-security-trimming

[old doc.lw link]: https://doc.lucidworks.com/managed-fusion/5.9/nm4b2l

The Graph Security Trimming stage restricts query results according to the user ID as an alternative to [Security Trimming Stage](/docs/lucidworks-search/09-developer-documentation/config-specs/query-pipeline-stages/security-trimming). Whereas the Security Trimming stage has one Solr filter query per data source, Graph Security Trimming uses a single filter query for all data sources.

<LwTemplate />

## Configuration

<Tip>
  When entering configuration values in the UI, use *unescaped* characters, such as `\t` for the tab character. When entering configuration values in the API, use *escaped* characters, such as `\\t` for the tab character.
</Tip>

<SchemaParamFields schema={schema} />
