Is is possible to secure ES indices based on a client ID?

baden0x1 · December 15, 2016, 3:13pm

In a forthcoming platform, we will have several clients accessing data through a dashboard. Is it possible to secure an ElasticSearch index based on a specific client ID?

I realize that this would require some master/lookup index, which would mean that we would also have an ES index with user data.

The driving force behind this is that we would like to secure each client's data so that other clients are not able to access others' indices by merely trying to guess a clientID.

For this my suggestion is that a after a request is received by the server, we tack on the client ID (server-side) before the request is sent to ElasticSearch.

To make this happen I would think that every document within all of a client's indices would have a ClientID field. The request obviously starts with the index name, but the server will add their ClientID (GUID), which would never be seen by the client themselves (an internal ID).

Suggestions please.

dadoonet · December 15, 2016, 3:31pm

Have a look at Xpack (commercial plugin made by elastic).

baden0x1 · December 17, 2016, 1:50pm

I have XPack installed. Can you please elaborate on how to accomplish this?

dadoonet · December 17, 2016, 3:13pm

Here: https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html

baden0x1 · December 17, 2016, 9:29pm

Perfect, thank you - indexing data with an ingest pipeline.

system · January 14, 2017, 9:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.