How do we handle admin user with lots of permissions?

Morriaty · April 28, 2020, 3:53am

Hi, I am not sure what's the underlying logic of document level permission. I suppose it's something like:

get the permission list of current user
construct a terms filter on field _allow_permissions

This search logic is easy for:

super-admin user: he could read any documents, no permisson filters at all.
normal user: he could read part of documents, with several permisson filters.

But when it comes a second level admin user, things get difficult. Say we have 10,000 unique permissons, he could access 7,000 permissions among. I worry about the performance if we construnct a 7,000 length terms filter.

So is there any other delicated design underlying the document level permission logic?

system · October 31, 2022, 2:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Granular user-document level permissions Elasticsearch elastic-stack-security	6	224	October 27, 2022
Field and Document Level Security Limitations Elasticsearch	6	1785	March 8, 2017
Document Level Permissions Filtering Elasticsearch	19	5927	July 5, 2017
Permission Trees Elasticsearch	7	677	July 6, 2017
Help with query touching 2 indexes (like an exists join in sql) Elasticsearch	1	412	November 8, 2017

How do we handle admin user with lots of permissions?

Related topics