How to specify role when using search API

Elastic Stack Elasticsearch
1

Hello,

I'm using elasticSearch with a nodejs/mongodb application. I want to set up permission and role on documents. I saw that X-pack was doing what i want.

I have a problem, i try the following permission :

POST /_xpack/security/role/dept_role
{
"indices" : [
{
"names" : [ "*" ],
"privileges" : [ "read" ],
"query" : {
"term" : { "department_id" : 12 }
}
}
]
}

But when i'm using the search api on elasticsearch i don't know how to specify my role? Maybe i don't understand how it's working. Can someone help me? Thanks.

EDIT : More details : in my nodejs app , when i want to search document i use the search API (GET /myIndex/_search/ {myQuery}) When i search i want to specify my role that i defined in x-pack) . Sorry if my english is bad :smiley:

2

Hello @nadirHafs ,

But when i'm using the search api on elasticsearch i don't know how to specify my role?

Roles pertain to users by a process called Role mapping and there is an API to configure it. In a request you identify as a user in a realm which will then have roles assigned to it which subsequently grant the user privileges over indices, docs and fields.

3

Thanks for you reply, i didn't have the knowledege about realm :slight_smile: . But i still want to specify my user in that kind of query :

Passing a full request definition in the Elasticsearch’s Query DSL as a Hash.
const response = await client.search({
index: 'myindex',
body: {
query: {
match: {
title: 'test'
}
},
facets: {
tags: {
terms: {
field: 'tags'
}
}
}
}
});

When you say "you identify as a user in a realm" , how can i do that in my javascript query? Thanks

PS : Here in SOAP UI i can add authentication (left bottom corner)

authentication
authentication.png1180×523 22.7 KB

I want to do the same with the javascript client.

4

When you say "you identify as a user in a realm" , how can i do that in my javascript query?

The short answer is that the HTTPS request needs to have attached the BASIC AUTH HTTP Header. In curl that will be the -u option.
But you really need to cover the docs on these topics:

5

Ok thanks you very much i think its all clear : )

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.