Document level access control

Hi, below is our scenario. I couldn't find how to implement this using both the data in ES and MySQL. Could any of you please suggest a solution or give some ideas? Thanks

Each of our documents in ES equates to a file in our main application. Each user will have access to these files depending on their department, hierarchy, sharing, etc. This user access data is stored in a MySQL database, while the documents are stored in ES.

How can we now use the access control data in MySQL while querying ES? Users should be able to search/see only the documents they have access to.

We can form the criteria from the MySQL DB, and a join would work if the documents were also in MySQL. But how do we achieve the same with the documents being in ES?

Appreciate your thoughts/ideas on this.

Thanks

Although I can understand the use case (I think), by default, out of the box, this will not work, as you have found out. Basically you want the authentication / authorization part handled by MySQL and then, based on the authorization from MySQL, query ES.

  1. What method is used to do the querying? API, GUI, both of them?
  2. What prevents the user from accessing ES directly? This is a rhetorical question, btw.
  3. Once you establish the ROLE of the user (read authorization), how are you preventing the queries from being updated with fields / data that "They" are not allowed to see?

I see a lot of problems here :)
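An added example, not part of the original thread and not code from either poster: one way an application tier could turn a user's access rows into an ES filter that is attached server-side to every search. The table names (`user_dept`, `file_share`), the document fields (`dept`, `file_id`, `title`, `body`) and the sample rows are assumptions made for illustration, and `sqlite3` stands in for MySQL so the block runs offline.

```python
import sqlite3

def make_acl_db():
    """Constructed ACL data; sqlite3 stands in for the MySQL access tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_dept (user_id TEXT, dept TEXT);
        CREATE TABLE file_share (file_id TEXT, user_id TEXT);
        INSERT INTO user_dept VALUES ('alice', 'finance'), ('bob', 'hr');
        INSERT INTO file_share VALUES ('f-17', 'bob');
    """)
    return db

def acl_filter(db, user_id):
    """Translate the user's relational grants into an ES filter clause."""
    depts = [r[0] for r in db.execute(
        "SELECT dept FROM user_dept WHERE user_id = ?", (user_id,))]
    shared = [r[0] for r in db.execute(
        "SELECT file_id FROM file_share WHERE user_id = ?", (user_id,))]
    should = []
    if depts:
        should.append({"terms": {"dept": depts}})
    if shared:
        should.append({"terms": {"file_id": shared}})
    if not should:
        # No grants: fail closed with match_none instead of dropping the filter.
        return {"match_none": {}}
    return {"bool": {"should": should, "minimum_should_match": 1}}

def build_search(db, user_id, user_text):
    """Build the ES request body. The caller supplies search text only,
    never query DSL, so the ACL filter cannot be edited or removed."""
    return {
        "query": {
            "bool": {
                "must": [{
                    "simple_query_string": {
                        "query": user_text,
                        "fields": ["title", "body"],  # searchable fields only
                    }
                }],
                # Filter context: restricts hits without affecting scoring.
                "filter": [acl_filter(db, user_id)],
            }
        }
    }
```

The filter only protects anything if users cannot reach ES directly, which is the second question in the reply above; the application tier must be the sole client holding ES credentials.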
