I am storing Windows folder permissions in Elastic as one document per folder. Each folder has a list of users that have access to this folder, and each user has a list of permissions (access mask) that is stored as a list for each user because it is a FlagsAttribute.
Sample structure for folder c:\folder with 2 users' permissions:
{
  "path": "C:\\folder1",
  "permissions": [
    {
      "user": "domain\\user1",
      "ntfsAccessMask": [
        0,
        1,
        1,
        2,
        2,
        4,
        4,
        8,
        16,
        32,
        32,
        128,
        256,
        278,
        65536,
        131072,
        131209,
        131241,
        197055,
        1048576
      ]
    },
    {
      "user": "domain\\user2",
      "ntfsAccessMask": [
        0,
        1,
        1,
        2,
        2,
        4,
        4,
        8,
        16,
        32,
        32,
        64,
        128,
        256,
        278,
        65536,
        131072,
        131209,
        131241,
        197055,
        262144,
        524288
      ]
    }
  ]
}
My question is: how can I query all folders/users that have a specific permission, like full control or a specific flag permission in the access mask? Is it possible to run queries that match a value inside a sublist of a list of a doc?
Queries like:
folders where f.path=* and f.user=* and ( f.user.ntfsaccessmask = 1 or f.user.ntfsaccessmask = 2 )
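
An added example, not part of the original post: with Elasticsearch's default object mapping, an array of objects is flattened per field, so a query can pair one user with another user's mask values, while a `nested` mapping evaluates each permissions entry on its own. The sketch assumes `permissions` is mapped as `nested` and `permissions.user` as `keyword`; the function names and the shortened sample document are constructed for illustration.

```python
# Constructed sample: the document from the question with shortened mask lists.
DOC = {
    "path": "C:\\folder1",
    "permissions": [
        {"user": "domain\\user1", "ntfsAccessMask": [1, 2, 4, 278, 131209, 197055]},
        {"user": "domain\\user2", "ntfsAccessMask": [1, 2, 4, 64, 197055, 262144, 524288]},
    ],
}

def nested_query(masks, user=None):
    """Query DSL body: one single permissions entry holds any of `masks` (and `user`)."""
    must = [{"terms": {"permissions.ntfsAccessMask": sorted(masks)}}]
    if user is not None:
        must.append({"term": {"permissions.user": user}})
    return {"query": {"nested": {
        "path": "permissions",  # assumes this field is mapped as type "nested"
        "query": {"bool": {"must": must}},
        "inner_hits": {},       # return the matching entries, not only the folder
    }}}

def match_nested(doc, masks, user=None):
    """Local model of nested semantics: every entry is tested separately."""
    return [(doc["path"], p["user"]) for p in doc["permissions"]
            if set(masks) & set(p["ntfsAccessMask"]) and user in (None, p["user"])]

def match_flattened(doc, masks, user=None):
    """Local model of the default object mapping: values are pooled per field."""
    users = {p["user"] for p in doc["permissions"]}
    pooled = {m for p in doc["permissions"] for m in p["ntfsAccessMask"]}
    return bool(set(masks) & pooled) and (user is None or user in users)

if __name__ == "__main__":
    import json
    print(json.dumps(nested_query({1, 2}), indent=2))
    # 262144 is ChangePermissions in .NET FileSystemRights; only user2 holds it.
    print(match_nested(DOC, {262144}))
    print(match_nested(DOC, {262144}, "domain\\user1"))
    # Flattened matching reports a hit for user1 that no single entry supports.
    print(match_flattened(DOC, {262144}, "domain\\user1"))
```

For a permission audit, the flattened false positive matters: a report built on it would list a user as holding a right that only another user on the same folder has.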