Product Selector

Fusion 5.9
    Fusion 5.9

    Graph Security Trimming Stage

    Table of Contents

    The Graph Security Trimming stage restricts query results according to the user ID as an alternative to Security Trimming Stage. Whereas the Security Trimming stage has one Solr filter query per data source, Graph Security Trimming uses a single filter query for all data sources.

    Stage setup

    When using this stage with SharePoint Optimized V2 or LDAP ACLs V2 connectors, configure the following settings:

    Field Value

    ACL solr collection

    contentCollection

    User ID source

    query_param or header

    User ID key

    The key that contains the User ID

    Join method

    topLevelDV

    Join Field

    _lw_acl_ss
    Refer to Configure Security Trimming for SharePoint Optimized V2 and Migrate to Graph Security Trimming in Fusion 5.8 or later for more information.

    Lucidworks offers free training to help you get started with Fusion. Check out the Configuring Graph Security Trimming quick learning, which focuses on how to set up security trimming:

    Configuring Graph Security Trimming

    Visit the LucidAcademy to see the full training catalog.

    Configuration

    When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.

    Graph security trimming stage is an alternative to the general "Security Trimming Stage". Unlike the general filter, the Graph security trimming stage performs all of the security trimming within a single filter query. You should always prefer this filter over the general Security Trimming filter when you are not trimming legacy data sources. If you have the _lw_acl_ss acl field present on all of your trimmed content documents, you should be using this filter.

    skip - boolean

    Set to true to skip this stage.

    Default: false

    label - string

    A unique label for this stage.

    <= 255 characters

    condition - string

    Define a conditional script that must result in true or false. This can be used to determine if the stage should process or not.

    userIdentitySource - stringrequired

    Specify whether the value comes from an http header or query parameter. Must be either query_param or header.

    Default: query_param

    userIdentityKey - stringrequired

    The value of the header or query parameter that contains the User ID. E.g. username, userID, etc.

    Default: username

    excludeDatasources - string

    Comma separated datasource IDs - security trimming will not be performed on documents from these data sources and therefore they will be public.

    includeDatasources - string

    Comma separated datasource IDs - security trimming will be performed only on documents from these data sources. Other datasources will be public.

    treatExternalContentAsPublic - boolean

    If a content document does not have a _lw_data_source_s field, treat it as public.