How to manage fine grain permissions in Elasticsearch?
I need to consistently store the role / groups that can access the information, but I'm not sure if this is the best way to do it.
Summary: I have 2 types of documents "tweet" and "blog":
- At the level,
tweet
I keep the name of the group available for accessing information -
blog
more complicated, there are metadata (title
,description
,nature
...), but some of this information may be restricted to certain groups of users (onlyadmin
orlogged_in
)
What's the best way to map this to Elasticsearch?
As of today, I am getting documents like:
/tweet/455
{
id: 112,
ugroups: [ "restricted_user", "admin" ],
description: "foo",
},
{
id: 113,
ugroups: [ "anonymous" ]
description: "foo",
}
and
/blog/500
{
id: 5,
fields: [
{
"nature": {
"value": "foo",
"ugroup": [ "admin" ]
}
}
]
}
{
id: 6,
fields: [
{
"comment": {
"value": "foo",
"ugroup": [ "anonymous" ]
}
}
]
}
When a user wants to search in tweet
, it's simple, I build a query term
with the words provided by the user and add the groups this query belongs to.
But how to make a request that will perceive this "group" at different levels?
Ideally, I can ask a query like:
- search in
tweet
withtweet.ugroup: "anonymous"
and inblog
withblog.fields.*.ugroup: "anonymous"
Is there a way to write a query like this?
+3
source to share
No one has answered this question yet
Check out similar questions: