Product Selector

Fusion 5.12
    Fusion 5.12

    Graph Security Trimming Stage

    Table of Contents

    The Graph Security Trimming stage restricts query results according to the user ID as an alternative to Security Trimming Stage. Whereas the Security Trimming stage has one Solr filter query per data source, Graph Security Trimming uses a single filter query for all data sources.

    Stage setup

    When using this stage with SharePoint Optimized V2 or LDAP ACLs V2 connectors, configure the following settings:

    Field Value

    ACL solr collection


    User ID source

    query_param or header

    User ID key

    The key that contains the User ID

    Join method


    Join Field



    When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.

    Graph security trimming stage is an alternative to the general "Security Trimming Stage". Unlike the general filter, the Graph security trimming stage performs all of the security trimming within a single filter query. You should always prefer this filter over the general Security Trimming filter when you are not trimming legacy data sources. If you have the _lw_acl_ss acl field present on all of your trimmed content documents, you should be using this filter.

    skip - boolean

    Set to true to skip this stage.

    Default: false

    label - string

    A unique label for this stage.

    <= 255 characters

    condition - string

    Define a conditional script that must result in true or false. This can be used to determine if the stage should process or not.

    aclSolrCollection - stringrequired

    This is the Solr collection that contains the User and Group ACLs. This collection is populated by connectors for the Users and Groups found while crawling the datasource, namely the LDAP connector

    userIdentitySource - stringrequired

    Specify whether the value comes from an http header or query parameter. Must be either query_param or header.

    Default: query_param

    userIdentityKey - stringrequired

    The value of the header or query parameter that contains the User ID. E.g. username, userID, etc.

    Default: username

    joinField - stringrequired

    The field to use to match acls to content. Should be set to "id" if ACLs are in a separate collection than content collection. If your acls are stored in the content collection, use "_lw_acl_ss".

    Default: id

    excludeDatasources - string

    Comma separated datasource IDs - security trimming will not be performed on documents from these data sources and therefore they will be public.

    includeDatasources - string

    Comma separated datasource IDs - security trimming will be performed only on documents from these data sources. Other datasources will be public.

    joinMethod - string

    The Solr join query method parameter. Can be index, crossCollection, dvWithScore, or topLevelDV.

    Default: crossCollection

    treatExternalContentAsPublic - boolean

    If a content document does not have a _lw_data_source_s field, treat it as public.