In a forthcoming platform, we will have several clients accessing data through a dashboard. Is it possible to secure an ElasticSearch index based on a specific client ID?
I realize that this would require some master/lookup index, which would mean that we would also have an ES index with user data.
The driving force behind this is that we would like to secure each client's data so that other clients are not able to access others' indices by merely trying to guess a clientID.
For this my suggestion is that a after a request is received by the server, we tack on the client ID (server-side) before the request is sent to ElasticSearch.
To make this happen I would think that every document within all of a client's indices would have a ClientID field. The request obviously starts with the index name, but the server will add their ClientID (GUID), which would never be seen by the client themselves (an internal ID).