In reading through the X-Pack security-related documentation, I see that you can impersonate users while executing queries.
First what's best in setting up document-level security? Just a _user.metadata field (hash holding custom metadata of the current authenticated user)? Can I read this hash from the user's index later, to add it to PUT requests?
In my case, a cron job will eventually be writing data to an index. While inserting data for a specific user, does this have to use the 'run_as' mechanism or is it sufficient to populate the document's _user.metadata field with this, to uniquely identify the user?