Is is possible to secure ES indices based on a client ID?


#1

In a forthcoming platform, we will have several clients accessing data through a dashboard. Is it possible to secure an ElasticSearch index based on a specific client ID?

I realize that this would require some master/lookup index, which would mean that we would also have an ES index with user data.

The driving force behind this is that we would like to secure each client's data so that other clients are not able to access others' indices by merely trying to guess a clientID.

For this my suggestion is that a after a request is received by the server, we tack on the client ID (server-side) before the request is sent to ElasticSearch.

To make this happen I would think that every document within all of a client's indices would have a ClientID field. The request obviously starts with the index name, but the server will add their ClientID (GUID), which would never be seen by the client themselves (an internal ID).

Suggestions please.


(David Pilato) #2

Have a look at Xpack (commercial plugin made by elastic).


#3

I have XPack installed. Can you please elaborate on how to accomplish this?


(David Pilato) #4

Here: https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html


#5

Perfect, thank you - indexing data with an ingest pipeline.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.