�cdocutils.nodes
document
q�)Åq�}q�(U nametypesq�}q�(X����representing access rulesq�NX#���supporting access control in searchq�NX����observationsq�NuU�substitution_defsq }q
U�parse_messagesq�]q�U�current_sourceq
NU
decorationq�NU�autofootnote_startq�K�U�nameidsq�}q�(h�U�representing-access-rulesq�h�U#supporting-access-control-in-searchq�h�U�observationsq�uU�childrenq�]q�cdocutils.nodes
section
q�)Åq�}q�(U rawsourceq�U�U�parentq�h�U�sourceq�Xg���/var/lib/jenkins/jobs/API_Documentation_trunk/workspace/api-documentation/source/design/search_auth.txtq�U�tagnameq�U�sectionq�U
attributesq }q!(U�dupnamesq"]U�classesq#]U�backrefsq$]U�idsq%]q&h�aU�namesq']q(h�auU�lineq)K�U�documentq*h�h�]q+(cdocutils.nodes
title
q,)Åq-}q.(h�X#���Supporting Access Control in Searchq/h�h�h�h�h�U�titleq0h }q1(h"]h#]h$]h%]h']uh)K�h*h�h�]q2cdocutils.nodes
Text
q3X#���Supporting Access Control in Searchq4ÖÅq5}q6(h�h/h�h-ubaubcdocutils.nodes
field_list
q7)Åq8}q9(h�U�h�h�h�h�h�U
field_listq:h }q;(h"]h#]h$]h%]h']uh)K�h*h�h�]q<cdocutils.nodes
field
q=)Åq>}q?(h�U�h�h8h�h�h�U�fieldq@h }qA(h"]h#]h$]h%]h']uh)K�h*h�h�]qB(cdocutils.nodes
field_name
qC)ÅqD}qE(h�X����StatusqFh�h>h�h�h�U
field_nameqGh }qH(h"]h#]h$]h%]h']uh)K�h�]qIh3X����StatusqJÖÅqK}qL(h�hFh�hDubaubcdocutils.nodes
field_body
qM)ÅqN}qO(h�X����DRAFT
h }qP(h"]h#]h$]h%]h']uh�h>h�]qQcdocutils.nodes
paragraph
qR)ÅqS}qT(h�X����DRAFTqUh�hNh�h�h�U paragraphqVh }qW(h"]h#]h$]h%]h']uh)K�h�]qXh3X����DRAFTqYÖÅqZ}q[(h�hUh�hSubaubah�U
field_bodyq\ubeubaubhR)Åq]}q^(h�Xz���There is a requirement that search results contain only information for which the user has permission to read, which requires that access permissions for each item in the search results is examined. Search operations are high demand operations on Coordinating Nodes and will be targeted by a large number of clients. As such, efficiency of access control evaluation is critical.q_h�h�h�h�h�hVh }q`(h"]h#]h$]h%]h']uh)K�h*h�h�]qah3Xz���There is a requirement that search results contain only information for which the user has permission to read, which requires that access permissions for each item in the search results is examined. Search operations are high demand operations on Coordinating Nodes and will be targeted by a large number of clients. As such, efficiency of access control evaluation is critical.qbÖÅqc}qd(h�h_h�h]ubaubhR)Åqe}qf(h�X`���This document outlines an approach using the Lucene based SOLR index to provide such capability.qgh�h�h�h�h�hVh }qh(h"]h#]h$]h%]h']uh)K�h*h�h�]qih3X`���This document outlines an approach using the Lucene based SOLR index to provide such capability.qjÖÅqk}ql(h�hgh�heubaubh�)Åqm}qn(h�U�h�h�h�h�h�h�h }qo(h"]h#]h$]h%]qph�ah']qqh�auh)K�h*h�h�]qr(h,)Åqs}qt(h�X����Representing Access Rulesquh�hmh�h�h�h0h }qv(h"]h#]h$]h%]h']uh)K�h*h�h�]qwh3X����Representing Access RulesqxÖÅqy}qz(h�huh�hsubaubcdocutils.nodes
literal_block
q{)Åq|}q}(h�X2���record = [PID, isPublic, readGroups, readSubjects]h�hmh�h�h�U
literal_blockq~h }q(U xml:spaceqÄU�preserveqÅh%]h$]h"]h#]h']uh)K�h*h�h�]qÇh3X2���record = [PID, isPublic, readGroups, readSubjects]qÉÖÅqÑ}qÖ(h�U�h�h|ubaubh7)ÅqÜ}qá(h�U�h�hmh�h�h�h:h }qà(h"]h#]h$]h%]h']uh)K�h*h�h�]qâ(h=)Åqä}qã(h�U�h�hÜh�h�h�h@h }qå(h"]h#]h$]h%]h']uh)K�h*h�h�]qç(hC)Åqé}qè(h�X����PIDqêh�häh�h�h�hGh }që(h"]h#]h$]h%]h']uh)K�h�]qíh3X����PIDqìÖÅqî}qï(h�hêh�héubaubhM)Åqñ}qó(h�X����identifier of object
h }qò(h"]h#]h$]h%]h']uh�häh�]qôhR)Åqö}qõ(h�X����identifier of objectqúh�hñh�h�h�hVh }qù(h"]h#]h$]h%]h']uh)K�h�]qûh3X����identifier of objectqüÖÅq†}q°(h�húh�höubaubah�h\ubeubh=)Åq¢}q£(h�U�h�hÜh�h�h�h@h }q§(h"]h#]h$]h%]h']uh)K�h*h�h�]q•(hC)Åq¶}qß(h�X����isPublicq®h�h¢h�h�h�hGh }q©(h"]h#]h$]h%]h']uh)K�h�]q™h3X����isPublicq´ÖÅq¨}q≠(h�h®h�h¶ubaubhM)ÅqÆ}qØ(h�X@���boolean set true if the object is accessible by the public user
h }q∞(h"]h#]h$]h%]h']uh�h¢h�]q±hR)Åq≤}q≥(h�X?���boolean set true if the object is accessible by the public userq¥h�hÆh�h�h�hVh }qµ(h"]h#]h$]h%]h']uh)K�h�]q∂h3X?���boolean set true if the object is accessible by the public userq∑ÖÅq∏}qπ(h�h¥h�h≤ubaubah�h\ubeubh=)Åq∫}qª(h�U�h�hÜh�h�h�h@h }qº(h"]h#]h$]h%]h']uh)K�h*h�h�]qΩ(hC)Åqæ}qø(h�X
���readGroupsq¿h�h∫h�h�h�hGh }q¡(h"]h#]h$]h%]h']uh)K�h�]q¬h3X
���readGroupsq√ÖÅqƒ}q≈(h�h¿h�hæubaubhM)Åq∆}q«(h�XX���a multi-valued field that contains a list of groups that have read access on the object
h }q»(h"]h#]h$]h%]h']uh�h∫h�]q…hR)Åq }qÀ(h�XW���a multi-valued field that contains a list of groups that have read access on the objectqÃh�h∆h�h�h�hVh }qÕ(h"]h#]h$]h%]h']uh)K�h�]qŒh3XW���a multi-valued field that contains a list of groups that have read access on the objectqœÖÅq–}q—(h�hÃh�h ubaubah�h\ubeubh=)Åq“}q”(h�U�h�hÜh�h�h�h@h }q‘(h"]h#]h$]h%]h']uh)K�h*h�h�]q’(hC)Åq÷}q◊(h�X����readSubjectsqÿh�h“h�h�h�hGh }qŸ(h"]h#]h$]h%]h']uh)K�h�]q⁄h3X����readSubjectsq€ÖÅq‹}q›(h�hÿh�h÷ubaubhM)Åqfi}qfl(h�X[���a multi-valued field that contains a list of subjects that have read access on the object
h }q‡(h"]h#]h$]h%]h']uh�h“h�]q·hR)Åq‚}q„(h�XY���a multi-valued field that contains a list of subjects that have read access on the objectq‰h�hfih�h�h�hVh }qÂ(h"]h#]h$]h%]h']uh)K�h�]qÊh3XY���a multi-valued field that contains a list of subjects that have read access on the objectqÁÖÅqË}qÈ(h�h‰h�h‚ubaubah�h\ubeubeubhR)ÅqÍ}qÎ(h�X∑���A python function that would generate a suitable query for retrieving a list of PIDs for which a user has *read* access may be (note that subject strings need to be properly escaped):qÏh�hmh�h�h�hVh }qÌ(h"]h#]h$]h%]h']uh)K�h*h�h�]qÓ(h3Xj���A python function that would generate a suitable query for retrieving a list of PIDs for which a user has qÔÖÅq}qÒ(h�Xj���A python function that would generate a suitable query for retrieving a list of PIDs for which a user has h�hÍubcdocutils.nodes
emphasis
qÚ)ÅqÛ}qÙ(h�X����*read*h }qı(h"]h#]h$]h%]h']uh�hÍh�]qˆh3X����readq˜ÖÅq¯}q˘(h�U�h�hÛubah�U�emphasisq˙ubh3XG��� access may be (note that subject strings need to be properly escaped):q˚ÖÅq¸}q˝(h�XG��� access may be (note that subject strings need to be properly escaped):h�hÍubeubh{)Åq˛}qˇ(h�XÎ���def canReadQuery(subject):
#return list of public objects
if CN.isPublic(subject):
return "isPublic:true"
#public OR readable by group
if CN.isGroup(subject):
return "isPublic:true || readGroups: %s" % subject
#list of public objects, OR objects readable by groups subject belongs to
# OR explicitly readable by subject
groups = CN.getSubjectGroups(subject)
gq = "readGroups:(%s)" % " ".join(groups)
return "isPublic:true || readSubjects:%s || %s" % (subject, gq)h�hmh�h�h�h~h }r����(hÄhÅh%]h$]h"]h#]h']uh)K h*h�h�]r����h3XÎ���def canReadQuery(subject):
#return list of public objects
if CN.isPublic(subject):
return "isPublic:true"
#public OR readable by group
if CN.isGroup(subject):
return "isPublic:true || readGroups: %s" % subject
#list of public objects, OR objects readable by groups subject belongs to
# OR explicitly readable by subject
groups = CN.getSubjectGroups(subject)
gq = "readGroups:(%s)" % " ".join(groups)
return "isPublic:true || readSubjects:%s || %s" % (subject, gq)r����ÖÅr����}r����(h�U�h�h˛ubaubhR)År����}r����(h�X÷���Subjects are represented in DataONE as lengthy strings. There may be some performance improvements gained by mapping the subject strings to integers and using this representation internally within the Lucene index.r����h�hmh�h�h�hVh }r����(h"]h#]h$]h%]h']uh)K0h*h�h�]r ���h3X÷���Subjects are represented in DataONE as lengthy strings. There may be some performance improvements gained by mapping the subject strings to integers and using this representation internally within the Lucene index.r
���ÖÅr����}r����(h�j����h�j����ubaubhR)År
���}r����(h�Xœ���Keeping this index in a separate shard would enable it's maintenance and use independently of other indexes that may be used to support search against other properties of System Metadata or Science Metadata.r����h�hmh�h�h�hVh }r����(h"]h#]h$]h%]h']uh)K2h*h�h�]r����h3Xœ���Keeping this index in a separate shard would enable it's maintenance and use independently of other indexes that may be used to support search against other properties of System Metadata or Science Metadata.r����ÖÅr����}r����(h�j����h�j
���ubaubhR)År����}r����(h�X���Similar indexes can be generated for write, change, and execute permissions, though these are not needed for search operations.r����h�hmh�h�h�hVh }r����(h"]h#]h$]h%]h']uh)K4h*h�h�]r����h3X���Similar indexes can be generated for write, change, and execute permissions, though these are not needed for search operations.r����ÖÅr����}r����(h�j����h�j����ubaubhR)År����}r����(h�X����Draft SOLR schema fragment:r����h�hmh�h�h�hVh }r ���(h"]h#]h$]h%]h']uh)K6h*h�h�]r!���h3X����Draft SOLR schema fragment:r"���ÖÅr#���}r$���(h�j����h�j����ubaubh{)År%���}r&���(h�X}���<field name="pid" type="string" indexed="true" stored="true" required="true" multiValued="false" />
<field name="isPublic" type="boolean" indexed="true" stored="false" />
<field name="readGroups" type="string" indexed="true" stored="false" multiValued="true" />
<field name="readSubjects" type="string" indexed="true" stored="false" multiValued="true" />
<uniqueKey>pid</uniqueKey>h�hmh�h�h�h~h }r'���(U�linenosr(���âU�languager)���X����xmlhÄhÅh%]h$]h"]U�highlight_argsr*���}h#]h']uh)K8h*h�h�]r+���h3X}���<field name="pid" type="string" indexed="true" stored="true" required="true" multiValued="false" />
<field name="isPublic" type="boolean" indexed="true" stored="false" />
<field name="readGroups" type="string" indexed="true" stored="false" multiValued="true" />
<field name="readSubjects" type="string" indexed="true" stored="false" multiValued="true" />
<uniqueKey>pid</uniqueKey>r,���ÖÅr-���}r.���(h�U�h�j%���ubaubeubh�)År/���}r0���(h�U�h�h�h�h�h�h�h }r1���(h"]h#]h$]h%]r2���h�ah']r3���h�auh)KBh*h�h�]r4���(h,)År5���}r6���(h�X����Observationsr7���h�j/���h�h�h�h0h }r8���(h"]h#]h$]h%]h']uh)KBh*h�h�]r9���h3X����Observationsr:���ÖÅr;���}r<���(h�j7���h�j5���ubaubhR)År=���}r>���(h�X����A subject may participate in a potentially large number of groups which would result in a lengthy query string. The alternative would be to decompose groups with read access into a list of subjects, and just have a single list of subjects for each PID. This list could become very large.r?���h�j/���h�h�h�hVh }r@���(h"]h#]h$]h%]h']uh)KDh*h�h�]rA���h3X����A subject may participate in a potentially large number of groups which would result in a lengthy query string. The alternative would be to decompose groups with read access into a list of subjects, and just have a single list of subjects for each PID. This list could become very large.rB���ÖÅrC���}rD���(h�j?���h�j=���ubaubhR)ÅrE���}rF���(h�XŒ���An index may be replicated across multiple locations to ensure the access control index is sufficiently responsive. A load balancer such as HAProxy can then be used to direct requests to different replicas.rG���h�j/���h�h�h�hVh }rH���(h"]h#]h$]h%]h']uh)KFh*h�h�]rI���h3XŒ���An index may be replicated across multiple locations to ensure the access control index is sufficiently responsive. A load balancer such as HAProxy can then be used to direct requests to different replicas.rJ���ÖÅrK���}rL���(h�jG���h�jE���ubaubeubeubah�U�U�transformerrM���NU
footnote_refsrN���}rO���U�refnamesrP���}rQ���U�symbol_footnotesrR���]rS���U�autofootnote_refsrT���]rU���U�symbol_footnote_refsrV���]rW���U citationsrX���]rY���h*h�U�current_linerZ���NU�transform_messagesr[���]r\���U�reporterr]���NU�id_startr^���K�U
autofootnotesr_���]r`���U
citation_refsra���}rb���U�indirect_targetsrc���]rd���U�settingsre���(cdocutils.frontend
Values
rf���org���}rh���(U�footnote_backlinksri���K�U�record_dependenciesrj���NU�rfc_base_urlrk���U�https://tools.ietf.org/html/rl���U tracebackrm���àU�pep_referencesrn���NU�strip_commentsro���NU
toc_backlinksrp���U�entryrq���U
language_coderr���U�enrs���U datestamprt���NU�report_levelru���K�U�_destinationrv���NU
halt_levelrw���K�U
strip_classesrx���Nh0NU�error_encoding_error_handlerry���U�backslashreplacerz���U�debugr{���NU�embed_stylesheetr|���âU�output_encoding_error_handlerr}���U�strictr~���U
sectnum_xformr���K�U�dump_transformsr���NU
docinfo_xformrÅ���K�U�warning_streamrÇ���NU�pep_file_url_templaterÉ���U�pep-%04drÑ���U�exit_status_levelrÖ���K�U�configrÜ���NU�strict_visitorrá���NU�cloak_email_addressesrà���àU�trim_footnote_reference_spacerâ���âU�envrä���NU�dump_pseudo_xmlrã���NU�expose_internalsrå���NU�sectsubtitle_xformrç���âU�source_linkré���NU�rfc_referencesrè���NU�output_encodingrê���U�utf-8rë���U
source_urlrí���NU�input_encodingrì���U utf-8-sigrî���U�_disable_configrï���NU id_prefixrñ���U�U tab_widthró���K�U�error_encodingrò���U�UTF-8rô���U�_sourcerö���h�U�gettext_compactrõ���àU generatorrú���NU�dump_internalsrù���NU�smart_quotesrû���âU�pep_base_urlrü���U https://www.python.org/dev/peps/r†���U�syntax_highlightr°���U�longr¢���U�input_encoding_error_handlerr£���j~���U�auto_id_prefixr§���U�idr•���U�doctitle_xformr¶���âU�strip_elements_with_classesrß���NU
_config_filesr®���]U�file_insertion_enabledr©���àU�raw_enabledr™���K�U
dump_settingsr´���NubU�symbol_footnote_startr¨���K�U�idsr≠���}rÆ���(h�hmh�h�h�j/���uU�substitution_namesrØ���}r∞���h�h*h }r±���(h"]h%]h$]U�sourceh�h#]h']uU footnotesr≤���]r≥���U�refidsr¥���}rµ���ub.