Generally, enterprise-level application designers must take into account four main security considerations for any search application:
- Network access to the various components of the service
- Authentication of users
- Authorization to use various parts of the user interface
- Authorization to view certain documents
LucidWorks implements security for each of these as follows:
Network access (LucidWorks Enterprise only): Because the components of LucidWorks (LWE-Core and LWE-UI) run on different ports, an administrator can easily secure individual components at the network level by restricting access to the port in question. For example, if only the Admin and Search UI services need to be accessible outside the production network, an administrator can leave those ports open while blocking LWE-Core. The chapter Securing LucidWorks describes this process in more detail. Note that if you are using the LucidWorks Platform's document authorization features, this step is particularly important, as direct access to the underlying Solr application can circumvent these measures.
User authentication (LucidWorks Enterprise only): LucidWorks supports LDAP binding for user authentication, so an administrator can create roles or groups on an external LDAP server, then use them to control access to UI functionality or sets of documents. The chapter LDAP Integration describes how to configure LDAP for LucidWorks.
UI authorization (LucidWorks Enterprise only): LucidWorks controls access to the Admin UI and the Search UI. The chapter LDAP Integration discusses how to configure these access levels in order to give different LDAP users and groups authorization to use these different functions.
Document authorization: LucidWorks allows the administrator to configure document filters for different roles. These document filters then limit what documents appear in search results for users in those roles. For example, the administrator can create a filter that enables users in the finance role to see only documents that satisfy a query of department:finance. You can create these filters with the Search Filters screen of the Admin UI. LucidWorks also enables the creation of document-based filtering, in which only the owner (or owners) of a document are able to see it. The section Restricting Access to Content describes how to set up your documents to support this functionality.
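The following is an added example, not LucidWorks code: a sketch of how a search layer can turn role filters such as department:finance into a Solr fq parameter, failing closed for users with no recognised role. The function names, the hr role, the sample documents and the OR-combination of multiple roles are assumptions; the last line shows why a request sent straight to Solr, which skips this layer, is unfiltered.

```python
from urllib.parse import urlencode

# Constructed mapping: "department:finance" is the page's example filter,
# the "hr" entry is invented for illustration.
ROLE_FILTERS = {"finance": "department:finance", "hr": "department:hr"}
MATCH_NOTHING = "-*:*"  # Solr filter that matches no documents

# Constructed sample documents.
DOCS = [
    {"id": "1", "department": "finance"},
    {"id": "2", "department": "hr"},
    {"id": "3", "department": "finance"},
]


def role_filter_query(roles, role_filters=ROLE_FILTERS):
    """Build the fq value for a user: the union of the filters of known roles."""
    clauses = sorted({role_filters[r] for r in roles if r in role_filters})
    if not clauses:
        return MATCH_NOTHING  # fail closed: no recognised role, no documents
    return " OR ".join(f"({c})" for c in clauses)


def build_solr_params(user_query, roles):
    """Parameters a search layer would send to Solr on the user's behalf.

    The user's text goes only into q; fq is set server-side from the roles,
    and Solr intersects every fq with q, so q cannot widen the result set.
    """
    return [("q", user_query), ("fq", role_filter_query(roles)), ("wt", "json")]


def visible_ids(docs, roles, role_filters=ROLE_FILTERS):
    """In-memory stand-in for the filter, for simple field:value filters only."""
    allowed = [tuple(role_filters[r].split(":", 1)) for r in roles if r in role_filters]
    return [d["id"] for d in docs if any(d.get(f) == v for f, v in allowed)]


if __name__ == "__main__":
    print(urlencode(build_solr_params("budget", ["finance"])))
    print(visible_ids(DOCS, ["finance"]))   # filtered by the search layer
    print([d["id"] for d in DOCS])          # direct Solr access: no fq applied
```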