We’ve joined forces with Smartlogic to reveal smarter decisions—together.

Can It Be Searchable — But Not Readable?

Working with brainiacs, great discussions spontaneously occur. The following situation arose: A client wanted  all data to be searchable – but not all data readable. The instance they gave was an HR person knowing that specific forms were there — but not allowing them to be read. What were best practices? Our engineering and field teams weighed in:

  • Generally speaking, database permissions do not distinguish between letting you know a document exists and letting you read the document. The default is to have security role-based so that if you cannot read a document, you aren’t even allowed to know it exists. You could make a function that would have elevated permissions to see documents that the calling user may not otherwise be able to see, but the function would only return to the caller only whether or not documents exist.
  • We implemented something like this for a national lab. The search was elevated to a higher user context  to return back a set of search results and limited metadata for an asset.  When users attempted to view the asset and they lacked permission, they could fill out a form to request access to the asset.
  • While this is a capability we can deliver well, the prospect should think through the security implications of even letting users know that documents exist that match a query. For example, if you allow full-text search on HR docs and store comp plans in a standard format, it would be easy to brute-force everyone’s salary by searching for names and possible salary values (“john smith ‘salary: $1,000′”,  “john smith ‘salary: $2,000′”, etc.) until you get a hit back, even if you can’t see the matching document.
  • In media, clients will make documents searchable – so that the asset is discoverable — but gate the documents behind a paywall if the reader does not have proper credentials. 
  • In some cases people require parts of a document be secured for reading them, but are fine with them being in the search index. E.g. national security – ‘Show me every document pertaining to Organisation X.” Knowing it exists is a GoodThing[™] as it then allows intelligence personnel to request access to the full content. In some cases, some users will be able to read the information in an intelligence report, but not the report section saying ‘Future surveillance,’ for example. It is possible to embed security within document content and use MarkLogic to redact these documents on the fly. This relies on the application assigning a standard in-document security tagging mechanism though.

According to my colleague Adam Fowler, “There really is no easy answer – it depends entirely on the data, what you need to index — and the organizational mandates and restrictions that exist.”

Chief Content Strategist

Responsible for overall content strategy and developing integrated content delivery systems for MarkLogic. She is a former online executive with Gannett with astute business sense, a metaphorical communication style and no fear of technology. Diane has delivered speeches to global audiences on using technologies to transform business. She believes that regardless of industry or audience, "unless the content is highly relevant -- and perceived to be valuable by the individual or organization -- it is worthless." 

Start a discussion

Connect with the community




Most Recent

View All

Unifying Data, Metadata, and Meaning

We're all drowning in data. Keeping up with our data - and our understanding of it - requires using tools in new ways to unify data, metadata, and meaning.
Read Article

How to Achieve Data Agility

Successfully responding to changes in the business landscape requires data agility. Learn what visionary organizations have done, and how you can start your journey.
Read Article

Scaling Memory in MarkLogic Server

This not-too-technical article covers a number of questions about MarkLogic Server and its use of memory. Learn more about how MarkLogic uses memory, why you might need more memory, when you need more memory, and how you can add more memory.
Read Article
This website uses cookies.

By continuing to use this website you are giving consent to cookies being used in accordance with the MarkLogic Privacy Statement.