Document level & Field level security with HighLevelRest client


We have built an angular and SpringBoot based application to search the data in elasticsearch and render the search details in UI. Angular frontend has sign in with access restricted with RBAC. Now I want to restrict the query with doc level & field level access based on the roles details available springboot application by passing the roles details to high level rest client. Is this possible? My understanding from elasticsearch documentation is the field and doc level security is possible while directly calling the elasticsearch REST endpoint. But the Springboot application uses the technical user to connect to the cluster. Please advice how to achieve doc & field level security with high level rest client.

How about using run-as? See Submitting requests on behalf of other users | Elasticsearch Guide [7.13] | Elastic

Thanks, let me try this.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.