Facets in secure collections

If security is enabled for a collection and the collection is configured to enforce pre-filtering of results, the results can include all facets configured for the collection. If the collection is configured to enforce post-filtering of results, you must specify which facets you want to make available for search.

To calculate an accurate number of documents when post-filtering results, the system must perform real time verification for each document that belongs to each facet, which greatly lengthens the query response time. By limiting the facets available for search, you can achieve a balance between secure faceted search and acceptable query response times.

On the Security view of the administration console, you can configure document-level security settings for all documents in the collection. If the Do not validate current credentials during query processing check box is clear, post-filtering of search results is enabled. In the list of facets available for the collection, select the facets to be counted when users query this collection.

Important: There is a possible security exposure when both post-filtering of results and facet counting are enabled for a collection. Because documents are dropped from the results during the post-filtering stage, the number of documents in the results might be different from the counts that are shown for a facet. For example, the facet count might be larger than the number of documents that the user is actually allowed to search or view in the search results.