Index data level security

Wanted some guidance on how to set up data level security. I have an index with a field plant_id and I have a user list, and I intend to map users to the corresponding plant id so that when users search ES or access a Kibana dashboard they can only see their corresponding plant id documents. Please advise.

You're looking for document level security: Document level security | Elasticsearch Guide [8.7] | Elastic

Is that enough of a pointer to get you started?

Thanks Xerra. Appreciate your response. Could you please guide me on how to map users to the underlying documents? We have around 3000 users. Can we load those users into an index or import them directly from Excel and map the index column (plant_id) to the corresponding users? If yes, can you point me to the steps please?

POST /_security/role/dept_role
{
  "indices" : [
    {
      "names" : [ "*" ],
      "privileges" : [ "read" ],
      "query" : {
        "term" : { "department_id" : 12 }
      }
    }
  ]
}

The mapping is generally: You create a role (like department ID 12) and then assign a user to one (or more) departments. Besides creating users manually in Kibana, you could also do that through the API or, if you have a lot of users, you might want to rely on an external tool like LDAP, ... 3,000 users sounds like a lot for onboarding and off-boarding, so an SSO solution might make more sense?

As a side note, if the mapping of departments is tedious, you could also look into Attribute Based Access Control (ABAC): Document-Level Attribute-Based Access Control in Elasticsearch | Elastic Blog

PS: Both document-level security and SSO are paid features of the Elastic Stack (or part of Elastic Cloud).
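The role-per-plant approach described in the reply, applied to the plant_id case as an added example (not code from the thread or from Elastic): it turns a CSV export of the user list into one document-level-security role per plant plus one role mapping per plant. The index name `plant-data`, the CSV columns, the sample rows and the `plant_<id>` role naming are assumptions, as is that users authenticate through an external realm such as LDAP or SSO; role mappings do not apply to native-realm users, who need the role assigned on the user itself.

```python
import csv
import io
import json
import re
from collections import defaultdict

INDEX = "plant-data"  # hypothetical index name; the thread does not give one

# Constructed sample export (e.g. the Excel list saved as CSV)
SAMPLE_CSV = """username,plant_id
alice,P100
bob,P100
carol,P200
alice,P200
"""

def load_mapping(csv_text):
    """Group usernames by plant_id so one role is needed per plant, not per user."""
    plants = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, plant = row["username"].strip(), row["plant_id"].strip()
        # Reject incomplete rows and ids that are unsafe in a role name / URL path;
        # a bad row must never fall back to a broader role.
        if not user or not re.fullmatch(r"[A-Za-z0-9_-]+", plant):
            raise ValueError(f"rejected row: {row}")
        plants[plant].add(user)
    return {plant: sorted(users) for plant, users in plants.items()}

def role_request(plant):
    """Role limited to read access on documents whose plant_id matches."""
    body = {"indices": [{"names": [INDEX], "privileges": ["read"],
                         "query": {"term": {"plant_id": plant}}}]}
    return "PUT", f"/_security/role/plant_{plant}", body

def role_mapping_request(plant, users):
    """Role mapping granting the plant role to the listed external-realm users."""
    body = {"roles": [f"plant_{plant}"], "enabled": True,
            "rules": {"field": {"username": users}}}
    return "PUT", f"/_security/role_mapping/plant_{plant}", body

def build_requests(csv_text):
    """Return (method, path, body) tuples: role first, then its mapping."""
    requests = []
    for plant, users in sorted(load_mapping(csv_text).items()):
        requests.append(role_request(plant))
        requests.append(role_mapping_request(plant, users))
    return requests

if __name__ == "__main__":
    for method, path, body in build_requests(SAMPLE_CSV):
        print(method, path)
        print(json.dumps(body, indent=2))
```

A user listed under several plants receives several roles, and the document queries of those roles are combined with OR. If any of a user's roles grants the same index without a `query`, that user sees every document, so audit existing roles before relying on these.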
