Graph Security Trimming Stage
The Graph Security Trimming stage restricts query results according to the user ID as an alternative to Security Trimming Stage. Whereas the Security Trimming stage has one Solr filter query per data source, Graph Security Trimming uses a single filter query for all data sources.
Field |
Value |
ACL solr collection |
contentCollection
|
User ID source |
query_param or header
|
User ID key |
The key that contains the User ID |
Join method |
topLevelDV
|
Join Field |
_lw_acl_ss
|
|
When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.
|
Graph security trimming stage is an alternative to the general "Security Trimming Stage". Unlike the general filter, the Graph security trimming stage performs all of the security trimming within a single filter query. You should always prefer this filter over the general Security Trimming filter when you are not trimming legacy data sources. If you have the _lw_acl_ss acl field present on all of your trimmed content documents, you should be using this filter.
skip - boolean
Set to true to skip this stage.
Default: false
label - string
A unique label for this stage.
<= 255 characters
condition - string
Define a conditional script that must result in true or false. This can be used to determine if the stage should process or not.
userIdentitySource - stringrequired
Specify whether the value comes from an http header or query parameter. Must be either query_param or header.
Default: query_param
userIdentityKey - stringrequired
The value of the header or query parameter that contains the User ID. E.g. username, userID, etc.
Default: username
excludeDatasources - string
Comma separated datasource IDs - security trimming will not be performed on documents from these data sources and therefore they will be public.
includeDatasources - string
Comma separated datasource IDs - security trimming will be performed only on documents from these data sources. Other datasources will be public.
treatExternalContentAsPublic - boolean
If a content document does not have a _lw_data_source_s field, treat it as public.