
Securing MarkLogic Server

Alerting and QBFR

Each target in a QBFR (Query Based Flexible Replication) configuration is associated with a user and a query. A target can only get documents that match the query and that the user is allowed to access. In QBFR, some flows must run queries as the privileged user because the process needs to determine which documents will be deleted from a target. Internally, alerting uses reverse queries to determine the set of matching rules for a given document or node. The matching rules are then used to trigger the appropriate action for the target user of each matching rule.

Rule matching uses a two-pass approach: first, the rule matching runs against the full version of the document; then, for each matching rule, a second match test is performed using the version of the document that the target user of the rule is allowed to see.

As a result, a rule that matches “hello” will not trigger the action if the target user cannot see “hello” due to element level security protection. Using element level security, MarkLogic Server will deliver a redacted version of the document, based on the element level security configuration of protected paths and the user’s role.

Note

When using element level security with Alerting and QBFR, you may see false negatives if a query contains a “NOT” clause. This means that documents might not be replicated when the alerting rule contains a cts:not-query().
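
The two-pass match and the "NOT" caveat above can be traced in a small model. This is an added example, not MarkLogic code or its implementation: the document, protected path, role names, and the functions `viewFor`, `matches`, and `ruleFires` are all hypothetical, and the query model stands in for cts queries.

```javascript
// Simplified model of two-pass rule matching; not MarkLogic code.
// Constructed sample document: element path -> text content.
const doc = {
  "/msg/title": "status report",
  "/msg/body": "hello world",
};

// Constructed element level security config: protected path -> roles that may read it.
const protectedPaths = { "/msg/body": ["manager"] };

// Redacted view of a document for a user holding the given roles.
function viewFor(document, roles) {
  const view = {};
  for (const [path, text] of Object.entries(document)) {
    const allowed = protectedPaths[path];
    if (!allowed || allowed.some((role) => roles.includes(role))) {
      view[path] = text;
    }
  }
  return view;
}

// Minimal query model: { word: "x" } or { not: <query> }.
function matches(query, document) {
  if (query.not) return !matches(query.not, document);
  return Object.values(document).some((text) =>
    text.split(/\s+/).includes(query.word)
  );
}

// Pass 1: full document. Pass 2: the version the rule's target user can see.
function ruleFires(rule, document) {
  if (!matches(rule.query, document)) return false;
  return matches(rule.query, viewFor(document, rule.targetRoles));
}

const helloForReader = { query: { word: "hello" }, targetRoles: ["reader"] };
const helloForManager = { query: { word: "hello" }, targetRoles: ["manager"] };
const notHelloForReader = { query: { not: { word: "hello" } }, targetRoles: ["reader"] };

console.log(ruleFires(helloForReader, doc));   // pass 2 fails: "hello" is redacted
console.log(ruleFires(helloForManager, doc));  // both passes succeed
// In this model the reader's view satisfies NOT "hello", but pass 1 rejects the
// rule on the full document, so it never fires: a false negative.
console.log(matches(notHelloForReader.query, viewFor(doc, ["reader"])));
console.log(ruleFires(notHelloForReader, doc));
```

When reviewing a QBFR configuration, rules whose queries contain a negation are the ones to test against documents that hold protected elements.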