When I encountered this issue with Plucene, a Perl port of Lucene, I simply included a "userids" field with each document, which was a space-separated list of the id numbers of users allowed to see that document.

The only concern with this mechanism is the ease of updating the "userids" field. If the user list changes often, this becomes a lot of work to maintain.

That said, what I did is roughly the same as adding " AND userid:5" to each search.

On the other hand, if you have your search compare the permissions associated with the userid to those allowed (and have dealt with the possible problems of spoofed messages), then you're right, it becomes a relatively simple, easily maintained db.

(Note: I'm utterly unfamiliar with lucerne or the actual tools you've used. The above comments are what came to mind as a programmer, considering the question posed).