Reverse Indexes
Similar to the case for triples (see SPARQL), if an element that contains a cts:query() matches a protected path of any role, or any part of the cts:query() matches any role, the query won’t be added into the reverse index unless the document’s security is stronger than the element security on the element. See Node Update and Document Permissions Expanded for details. A cts:reverse-query() that would normally find a document containing a matching cts:query() will no longer match once the embedded cts:query() (or its children) is protected by element level security that is stronger than the document’s security.