When someone adds new user and affect it to Sitecore roles in Sitecore, CES doesn't expand the user's security groups nor the known groups members in the CES security cache. When the new user query the index, he have access to nothing but anonymous-available documents. Eventually, when a security cache update is done (at midnight every day or manually), the user gain access to the secured content he has rights to access.
If Sitecore have pipelines triggered at user/role creation and modification, we could add processors to those pipelines that would ask CES to re-expand the relevant groups/users securities to keep the Sitecore securities and CES security cache in sync.
Calls exists in the COM Admin to expand securities : https://ask.corp.coveo.com/questions/3212/expand-a-particular-group-in-the-security-cache
Also, there is a hidden SynchronizedExpansion parameter on security providers that seems to expand new security cache members at query time instead of adding them without expanding them. This setting is usually set via a vbscript but I think it would be possible to set it on our Sitecore security providers automatically.
|I need it...||Not sure -- just thought it was cool|