In our application we have the need to restrict access to data. We would
like to use filters for that. The filtered aliashttp://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-aliases.html seems
like a nice way to do that and my original thought was to simply create an
alias for each user and then add a filter to it as needed.
That would work quite nicely, however we split the content potentially
across many indices (think logstash and it's default per day index).
Sadly a filter alias can only point to one index (wildcards don't seem to
work in the 'index' either), which I assume is due to making it also work
for document posting and updates ....
With that said, is there something obvious I'm missing to get the desired
functionality of applying/forcing a filter dependent on a user?
Right now I'm considering 2 choices:
create per user aliases for each index they should have access to and
then running the search against /*/. That seems like it quickly
becomes hard to scale and manage
store the user filters in ES and having a shim that inserts them at
query time. Right now I already use a shim to authenticate via an HTTP
header token through an nginx proxy
Any thoughts and opinions would be most welcome.
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to email@example.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9001455a-f75a-4161-b475-9d2d266369cc%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.