We must :
- index / reindex security
- integrate security filtering is query system (i.e. not only post filtering)
This is done with a limitation to simplified ACL which means we only handle DENY on Everyone (block all rights) and not DENY on principals.
If the instance contains complex ACL they are indexed with a special tag "UNSUPPORTED_ACL" and then filtered from search results.
This means that documents with a negative ACE will be not visible so we do not create security breach.
Note that Administrator account will see all documents without security filtering.