Query-time Authorization API Characteristics

Query-time authorization has the following characteristics:

• It allows dynamic access control at search time compared to more static ACL stamping.


• It filters documents returned to a search user.


• It controls the Browse functionality to determine whether a folder is visible to a search user.


• Optionally, it allows pruning of an entire source from the results to reduce performance costs of filtering each document individually.


• It is applicable to all source types except self service and federated sources.

Query-time filtering is handled by class implementations of the QueryTimeFilter interface.

Some of the important concepts related to QTA API include:

• Filtering Document Access
• Filtering Folder Browsing
• Pruning Access to an Entire Source