How to manage fine grain permissions in Elasticsearch?

I need to consistently store the role / groups that can access the information, but I'm not sure if this is the best way to do it.

Summary: I have 2 types of documents "tweet" and "blog":

• At the level, tweet
  
  I keep the name of the group available for accessing information
• blog
  
  more complicated, there are metadata ( title
  
  , description
  
  , nature
  
  ...), but some of this information may be restricted to certain groups of users (only admin
  
  or logged_in
  
  )

What's the best way to map this to Elasticsearch?

As of today, I am getting documents like:

/tweet/455
{
    id: 112,
    ugroups: [ "restricted_user", "admin" ],
    description: "foo",
},
{
    id: 113,
    ugroups: [ "anonymous" ]
    description: "foo",
}

      

        
        
        
      

    

and

/blog/500
{
    id: 5,
    fields: [
        {
            "nature": {
                "value": "foo",
                "ugroup": [ "admin" ]
            }
        }
    ]
}
{
    id: 6,
    fields: [
        {
            "comment": {
                "value": "foo",
                "ugroup": [ "anonymous" ]
            }
        }
    ]
}

      

        
        
        
      

    

When a user wants to search in tweet

, it's simple, I build a query term

with the words provided by the user and add the groups this query belongs to.

But how to make a request that will perceive this "group" at different levels?

Ideally, I can ask a query like:

• search in tweet
  
  with tweet.ugroup: "anonymous"
  
  and in blog
  
  withblog.fields.*.ugroup: "anonymous"
  
  

Is there a way to write a query like this?