Hi,
I'm struggling with an ES design and I'd like to share with you.
I have a set of different documents stored in ES, those documents can be
seen only by a set of people.
To address this point, for each document, I have a property 'groups' with
the list of user groups allowed to access it ('all', 'project_members',
'designers', etc)
On query, I just have to add the list of groups a user belongs to and tada,
it works. Great.
Now some of those documents are hierarchically stored, so the permissions
are.
Pretty much like unix folders:
- I can have a document that is world readable
- but as long as this doc is in a folder that is only readable by one user,
only this user can access the doc.
How can I map this in ES?
I've read
Sounds like parent/child might be a solution but:
- How do I write the query to have permissions applied ?
Thanks for your help;
Manuel
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/bf69d9fe-5cb1-4d2b-bf24-8564b3b643c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You can check out https://github.com/salyh/elasticsearch-security-pluginwhich supports authorization and ACLs on document level.
If you implement your own ACLs I would recommend to de-normalize the
permissions for your hierarchical documents (i.e store only the effective
permissions for each document inside the document).
Otherwise the queries (if you store the in a client/parent relationship)
will quickly become very complex and also it performance might be suffering
if you have many documents.
On Sunday, May 18, 2014 11:01:02 AM UTC+2, Manuel Vacelet wrote:
Hi,
I'm struggling with an ES design and I'd like to share with you.
I have a set of different documents stored in ES, those documents can be
seen only by a set of people.
To address this point, for each document, I have a property 'groups' with
the list of user groups allowed to access it ('all', 'project_members',
'designers', etc)
On query, I just have to add the list of groups a user belongs to and
tada, it works. Great.
Now some of those documents are hierarchically stored, so the permissions
are.
Pretty much like unix folders:
- I can have a document that is world readable
- but as long as this doc is in a folder that is only readable by one
user, only this user can access the doc.
How can I map this in ES?
I've read
Elasticsearch Platform — Find real-time answers at scale | Elastic
Sounds like parent/child might be a solution but:
- How do I write the query to have permissions applied ?
Thanks for your help;
Manuel
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/8ec9e5ac-ee20-4863-bb51-d52c39dbe64b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.