Document groups privileges


(Hossam Zalabany) #1

Hello Elasticers

have anyone experience with having different groups of documents each have certain access privileges from certain users? I mean for editing or adding new documents into this group?

the case is that, we want to use ES as a single data repository for multiple projects, but each project should feed ES with his own documents, each project should be stand alone in document creation and editing, and they wish that not every user with edit privilege can edit all documents, just the assigned group. is it possible? any use case?

thanks

Hossam


(James Addison) #2

I haven't researched this, but I imagine the best approach is simply to have a 'groupID' keyword field and require that all of your queries use a term filter against this field.


(Hossam Zalabany) #3

Jello james, many thanks for your reply, the query part is okay to Handel, I mean the documents adding and editing part.


(James Addison) #4

I must have read too quickly, my apologies. Overall, it sounds like something you'd need to handle in your app code.

  • when saving a new doc, set the group and only save it with that group if the user is allowed to
  • when editing a doc, retrieve it first, and compare whether the user is allowed to modify docs in that group

I guess have a separate index for users/groups pairings as well?


(Mark Walkom) #5

Security will do what you want. You should also consider having an index per project, assuming you won't have massive amounts of projects.


(Hossam Zalabany) #6

something like 100 ?


(Mark Walkom) #7

Then an index per project is ok. If it were thousands it'd be different.


(Hossam Zalabany) #8

hello Mark,

I checked the link for the Security you provided, I guess I am still lost about how it can be feasible specially from sys admin prospective not developers prospective, I tried to visualise tha Idea we want to achieve in the next image

we need to build different apps can use ES as data storage and search engine, sure each app will use it's own index, this is not the issue, the issue we need to be sure that the apps cannot interfere with each other when it comes to documents adding, editing and so on, some apps should be able to build indexes using different documents groups as index 5 in Picture.

is is simply feasible and where to find more documentation or consultation for that ?

all the best


(Mark Walkom) #9

Right, so Security can restrict access to ensure this.

There's no index 5 there. But again, Security can stop specific apps from doing specific things.


(system) #10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.