I think it would be very wrong to assume that Ferret is the most popular choice for this. Most people I know have ditched Ferret and replaced it with Sphinx. And the people who can't use Sphinx for some reason have opted for Xapian.
That said, the answer to your question is likely to be largely the same regardless of the indexing system you choose:
When you're dealing with permissions and indexing, you can't effectively index anything related to the permissions system because it's going to be user-specific. All your permissions stuff needs to live in your models/controllers somewhere. I'm fond of putting all my permissions stuff in a module and then including it in my model, so that I can easily share it between models.
Pagination can be a real pain for this kind of thing because you request 10 items from your search engine, and then your permissions code rejects 5 of those items, which means you have to keep running searches until you have your first ten items to display. And now when you want page two, well, things turn into a real mess then. Heaven forbid they decide to skip straight to page ten, because now you can't do tricks like giving a start ID instead of a page number. Really, it's not something you want to do at all if you can help it.
There really are no "clever" ways of getting around the mismatch between permissions and full-text indexing. At least, none that I know of. It's just a pain.
I suggested to my boss when we first started out that the only sane solution was an egalitarian permissions system: If we gave you a username and password, then you have access. He wasn't a fan.