Product Selector

Fusion 5.9
    Fusion 5.9

    Security TrimmingQuery pipeline stage configuration specifications

    This stage is deprecated in Managed Fusion 5.9.0. The Graph Security Trimming stage, introduced in Managed Fusion 5.6.0, uses a single filter query for all data sources instead of one filter query per data source. Migrate your query pipeline stage to the graph security trimming stage.

    The Security Trimming query pipeline stage restricts query results according to the user ID. While indexing the content, the Managed Fusion connectors service stores security ACL metadata associated with the crawled items and indexes them as fields. The Security Trimming stage matches this information against the ID of the user running the search query.

    This stage supports asynchronous processing.

    Query pipeline stage condition examples

    Stages can be triggered conditionally when a script in the Condition field evaluates to true. Some examples are shown below.

    Run this stage only for mobile clients:

    params.deviceType === "mobile"

    Run this stage when debugging is enabled:

    params.debug === "true"

    Run this stage when the query includes a specific term:

    params.q && params.q.includes("sale")

    Run this stage when multiple conditions are met:

    request.hasParam("fusion-user-name") && request.getFirstParam("fusion-user-name").equals("SuperUser");
!request.hasParam("isFusionPluginQuery")

    The first condition checks that the request parameter "fusion-user-name" is present and has the value "SuperUser". The second condition checks that the request parameter "isFusionPluginQuery" is not present.

    Configuration

    When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.

    Apply connectors security trimming

    skip - boolean

    Set to true to skip this stage.

    Default: false

    label - string

    A unique label for this stage.

    <= 255 characters

    condition - string

    Define a conditional script that must result in true or false. This can be used to determine if the stage should process or not.

    asyncConfig - Asynchronous Execution Config

    enabled - boolean

    Run the expensive data loading or processing part of this stage in a separate thread allowing the pipeline to continue executing. The results of this asynchronous execution can be merged into the pipeline request using a downstream "Merge Async Results" stage.

    Default: false

    asyncId - string

    A unique value to use as reference in downstream "Merge Async Results" stages.

    overrideUserIdentityHandling - boolean

    Default handling first attempts to take the user identity from a 'fusion-user-id' http-header, which is the logged-in user ID from the Fusion proxy service. If that value is empty, a 'username' query parameter is tried instead. When this DataSource property is enabled, the specified source and key properties are used explicitly, without any fallback behavior.

    Default: false

    userIdentitySource - string

    Specify whether the value comes from an http header or query parameter.

    Default: query_param

    Allowed values: query_paramheader

    userIdentityKey - string

    e.g. username, userID, etc.

    Default: username

    datasources - array[string]

    A list of Fusion datasources to which security-trimming should be restricted, allowing content from other datasources to pass through un-filtered; if empty, all matching content is subject to filtering.