Thursday, February 01, 2007

Google Mini appliance to support Active Directory

The new Google Mini appliance will support Active Directory. The support for AD will be available in the 2.2 version of the appliance which releases next week. Adding the support for AD makes perfect sense. If you're going to index documents in a corporate network you need to support AD.

I understand that it will also serve up results based on your own identity/authorization. So, you may search for "Quarterly results" and it may have 50 search results for this term but if you don't have access to those directories or files then the Mini will not serve up the results to you.

This implies to me that it is caching the ACLs. Hmmm, interesting. I can see a lot of potential here. If I was an administrator or, even better, an application, how could I access that ACL cache? Assuming Google knows how to search (!) wouldn't it be great if there was a complete enterprise ACL cache out there that is searchable? If Google Analytics could report on the ACL cache? If Google Analytics could show the changes over times, the changes to a file or directory's security settings, answer questions like "What files does Jackson have access to?", etc.

The "Google Compliance Appliance"?

Very interesting...

Dmitry Sotnikov said...

They actually don't do any ACL caching. Instead, when the secure search is being used, they dynamically check your access to each document when they serve you the results.

This could be pretty bad when you just have access to the fraction of data and the documents to which you get access are far from the first ten being relevant, etc.

They claim that in reality such issues are very rare because normally the most relevant documents are also being used by a large majority of users. However, if the issue becomes a problem they have workarounds such as implementing different search sets (slices of your index) for different roles, etc.

But I like your idea. It's just that the Google appliance is not the right tool for it.