Can we filter document in nested object with user.metadata jobs?

Hello,
I'm new on Elastic solutions and i'm actually testing x-pack.

I am searching to filter what can see users in an Elasticsearch index, futhermore I want to filter some document into a nested object.

I will explain a short scenario: We got two users: Alice and Bob Alice work on X and Bob work on Y We got document about Movies : Example: name : Matrix date : 1999 actors : [Keanu Reeves, Laurence Fishburne]

Now I want to filter what can see Alice and Bob in the actors field. By example Keanu Reeves can be seen by who work on X and Laurence Fishburne can be seen by who work on Y.

To do this I am tring to use X-Pack security properties but I have some problems and maybe you will help me.

There is my Index mapping :

{"settings": {
        "index": {
            "number_of_replicas": 0,
            "number_of_shards": 1
        }
    },
    "mappings": {
            "properties": {
                "security_attributes": {
                    "properties": {
            "level": {"type":"short"},
                        "jobs": {"type":"keyword"},
                        "min_jobs": {"type":"short"}
                    }
                },
        "name":{"type":"text"},
                "date":{"type":"text"},
        "actors":{"type":"nested", 
                "properties":{
                    "security_attributes":{
                        "properties":{
                            "level": {"type":"short"},
                                        "jobs": {"type":"keyword"},
                                        "min_jobs": {"type":"short"}
                            }
                        },
                    "name":{ "type": "string"}
                    }
                }
             }
        }
    }'

And I try to grant a query template at user roles.

{"template":
    {"source":"
        {"bool":
             {"filter":
                 [{"range": 
                    {"security_attributes.level": 
                        {"lte": "{{_user.metadata.level}}"}}},
                {"terms_set":{"security_attributes.jobs": 
                    {"terms":{{#toJson}}_user.metadata.jobs{{toJson}},
                    "minimum_should_match_field": "security_attributes.min_jobs"}}}]}}"}
}

To filter document by roles or jobs that work know I want to filter inside the nested object by jobs but I don't know how I can add this filter to the previous template.

Someone have an idea ?

I'm afraid this is not possible.

You can control which fields are visible to which users, and you can control which documents are visible to each user, but you cannot filter a field.

1 Like