How does enterprise search display results for the user and hide unauthorized results?

I am looking to understand how enterprise search solutions tackle the issue of user-permissions.

My question is on displaying the search results for users. The naive approach would display the search r开发者_如何学编程esults to the user, and then if the user clicks a document he is not authorized to see, he will fail to open it. However, it is even forbidden to display a document's title or excerpt if the user does not have permission to read it. So do the various enterprise earch engines:

1. index each document together with its ACL?
2. index all documents with no permission info, but check each link in every search result to see whether the querying user has permission to view this link?

Option #2 makes more sense to me, but also seems much slower than option #1.

Option #1 suffers from the need to constantly update the changes in permissions on the indexed documents.

I am looking to understand what is the common approach in the existing solutions in the market today. Is there a third option?

I'm surprised to see that this 5 year old question hasn't got any answers, as I think it's quite a common and important problem in enterprise search.

As outlined in the question there are two common approaches to deal with document-level security:

• early-binding-security: indexing ACL's along with the content, and
• late-binding-security: handling security at query-time, by filtering out protected results

Handling security on content side only is never recommended as at that point in time confidential information might already have been revealed (e.g. title or preview of a document in the search result).

The advantage of implementing security with a late-binding approach is, that it's very flexible, because there is no need to re-index content upon changed ACLs. The biggest drawback however is, that by doing so, confidential information might be leaked via facet values, and it's not possible to retrieve and display correct facet counts. It also more difficult to properly populate the result list and handle pagination. Last but not least, this approach can significantly slow down the performance.

The advantage of implementing security with an early-binding approach is, that it addresses all of the above disadvantages for the price of re-indexing the content as soon as ACLs change. However, leaks are still possible, e.g. when a group membership or ACL just got changed and isn't reflected yet in the search index. To address this gap the two approaches early-binding and late-binding are often combined.

Last but not least there might be a third option, depending on the Enterprise Search Platform you are using: Attivio's Active Security is based on query time joins, which allows to index security information independent from the document itself, but at query time merges the two documents to ensure that only authorised content makes it into the search results.