Document Level Security Based On External Data



I have a use case where I need to restrict access to documents in an Elasticsearch index based on the user executing the query and one of the attributes in the document. The catch is that this is dynamic and the logic to determine if a user can see a specific document is a bit convoluted and based on data in an external database. Conceptually it would be nice if I could have a dynamic filter (e.g. plugin) configured in Elasticsearch that would take as input the connected user and the document (or a subset of its fields) and return a boolean indicating whether the document should be returned to the user.

Does such a solution exist in Elasticsearch or any third party products?

(Christian Dahlqvist) #2

Calling out to an external system per user and document sounds extremely slow and I do not recall seeing any solutions that allow this.

Elasticsearch security does however support document-level security, both based on roles as well as attributes, so it might be possible to build something that matches what is in your external system. Have a look at the following blog posts for some examples:


Christian thanks for the reply. I will take a look at those posts.

A callout does not have to be slow. If implemented as a plugin on the server and the plugin implemented some type of smart computational cache then it could only be a few extra lines of Java executed when there was a cache hit. For example the cache entry could be a set of allowed values of the attribute(s) that is computed on the first document that a user searches for rather than for every document in a search. It could also save that cache entry between searches and since the underlying model in my case is dynamic it could refresh it if it passed some expiration time. Again this refresh would be done only for the first document in the new search.

(Christian Dahlqvist) #4

If it is going to be fast I suspect a custom plugin will be required.

(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.