Hi, I searched around (including API) to try and find some recent direction for supporting secure search based on document level access control. (I expact a ton of people have asked the same question... just could not find a recent doc/thread (maybe I just missed it)
I have a collection of document trees. Each document is accessible by a list of users.
I would like users to be able to search the following ways:
within a document that they have access to - for example I want to find the word "Sydney" within the tree. Users who do not have access to this document should not be able to use this index or see search results.
site wide: across documents a user has access to. For example, I want to search across all my documents for a tag #surf and see all documents that have been tagged with "surf"
There could millions of users and millions of document trees. I expect each document tree could have thousands of nodes. ... For example you can comment on a document and there could be thousands of comments on a document.
What's the best way to implement this with Elasticsearch (I am planning on using Found to host it)?
My current thought was to have an index for each document and then somehow only allowing users with access to that document to use the index. I was not sure exactly how to prevent non-authorized users from using an index?
For the sitewide search, I am not sure how I'd aggregate all my document tree indices together, perhaps a user index ... but that would seem like a huge duplication of data.
Anyway, any guidance help appreciated.