Document-level Permissions Approach

Jori_2 · July 11, 2012, 2:58pm

Hi,

I have a question about how to implement the following in ElasticSearch:

Tokens can be a User IDs, Organization IDs, and Group IDs.
(To make this example easier to follow I am using single-character tokens
but in reality they are 16-character long strings that are the
Base64-encoding of 12-byte MongoDB IDs. There is also a unique Public ID
which all public documents have and which all queries can access.)
Each user has access to a list of tokens they are authorized to
access.
Each document has a list of tokens that are authorized to access
it.

I tried to do something like the following:

SAMPLE DOCUMENT

{
content: "Some sample text",
auth: [ "A", "C", "D" ]
}

SAMPLE QUERY

{
"query": {
"filtered": {
"query": {
"query_string": { "query": "sample" }
},
"filter": {
"terms": { "auth": [ "A", "B" ] }
}
}
}
}

This query is not working for me. I am trying to use terms to basically
to do an array/array intersection test but it seems like it can only do a
single-value/array intersection test since the example works if I replace:

auth: [ "A", "C", "D" ]

with

auth: "A"

Is there a way to make terms work with this or should I be taking a
different approach?

Thank you!

p.s. Thanks for/to ElasticSearch and its community.

Hendrik · November 20, 2013, 9:16am

Maybe this is interesting
https://groups.google.com/forum/?fromgroups#!topic/elasticsearch/tavroa3Nw5g

Am Mittwoch, 11. Juli 2012 16:58:01 UTC+2 schrieb Jori:

Hi,

I have a question about how to implement the following in Elasticsearch:

Tokens can be a User IDs, Organization IDs, and Group IDs.
(To make this example easier to follow I am using single-character tokens
but in reality they are 16-character long strings that are the
Base64-encoding of 12-byte MongoDB IDs. There is also a unique Public ID
which all public documents have and which all queries can access.)

Each user has access to a list of tokens they are authorized to
access.

Each document has a list of tokens that are authorized to
access it.

I tried to do something like the following:

SAMPLE DOCUMENT

{
content: "Some sample text",
auth: [ "A", "C", "D" ]
}

SAMPLE QUERY

{
"query": {
"filtered": {
"query": {
"query_string": { "query": "sample" }
},
"filter": {
"terms": { "auth": [ "A", "B" ] }
}
}
}
}

This query is not working for me. I am trying to use terms to
basically to do an array/array intersection test but it seems like it can
only do a single-value/array intersection test since the example works if I
replace:

auth: [ "A", "C", "D" ]

with

auth: "A"

Is there a way to make terms work with this or should I be taking a
different approach?

Thank you!

p.s. Thanks for/to Elasticsearch and its community.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Topic		Replies	Views
Document level security alternatives for indexing requests Elasticsearch	1	221	March 26, 2022
Noob looking for some guidance on Document level secure index Elasticsearch	3	476	July 5, 2017
Authorization filtering? Elasticsearch	1	313	July 6, 2017
Document Level Security Problems Elasticsearch elastic-stack-security	7	1412	July 6, 2017
Access filtering in tree structure Elasticsearch	9	2088	June 13, 2018

Document-level Permissions Approach

Related topics