Query documents to match a value in a sublist of a list

agonzalez · October 30, 2020, 3:03pm

I am storing windows folder permissions in elastic as a document per folder, then each folder has a list of users that has access to this folder, and each user has list of permissions (accessmask) that is stored as a list of each user because it is a FlagsAttribute.

Sample structure for folder c:\folder with 2 users permissions

    {
      "path": "C:\\folder1",
      "permissions": [
        {
          "user": "domain\\user1",
          "ntfsAccessMask": [
            0,
            1,
            1,
            2,
            2,
            4,
            4,
            8,
            16,
            32,
            32,
            128,
            256,
            278,
            65536,
            131072,
            131209,
            131241,
            197055,
            1048576
          ]
        },
        {
          "user": "domain\\user2",
          "ntfsAccessMask": [
            0,
            1,
            1,
            2,
            2,
            4,
            4,
            8,
            16,
            32,
            32,
            64,
            128,
            256,
            278,
            65536,
            131072,
            131209,
            131241,
            197055,
            262144,
            524288
          ]
        }
      ]
    }

My question is how can i query all folder/users that has a specific permission like full control or a specific flag permission in the accessmask? it is possible to do this queries to match a value inside a sublist of a list of a doc?

queries like:

folders where f.path=* and f.user=* and ( f.user.ntfsaccessmask = 1 or f.user.nftsaccessmask = 2 )

agonzalez · November 3, 2020, 11:39am

anyone can help on this?

wangqinghuan · November 3, 2020, 2:44pm

I suggest you flat your data, such as:

   {
  "path": "C:\\folder1",
  "user": "domain\\user1",
  "ntfsAccessMask": [
    0,
    1,
    1,
    2,
    2,
    4,
    4,
    8,
    16,
    32,
    32,
    128,
    256,
    278,
    65536,
    131072,
    131209,
    131241,
    197055,
    1048576
  ]
},
{
  "path": "C:\\folder1",
  "user": "domain\\user2",
  "ntfsAccessMask": [
    0,
    1,
    1,
    2,
    2,
    4,
    4,
    8,
    16,
    32,
    32,
    64,
    128,
    256,
    278,
    65536,
    131072,
    131209,
    131241,
    197055,
    262144,
    524288
  ]
}

Sample data structute you posted will store all user permissions in one single doc, you will get all users in this doc when one user permission hits.

Topic		Replies	Views
Elastic search query - parent child permissions Elasticsearch eql-elastic-query-language , vector-search	3	94	July 10, 2024
Index/search with ACLs and parent/child relationship Elasticsearch	2	930	July 6, 2017
Access filtering in tree structure Elasticsearch	9	2278	June 13, 2018
Is this possible in ES? Elasticsearch	2	285	July 6, 2017
Matching array values to a field that is an array Elasticsearch	1	371	July 6, 2017

Query documents to match a value in a sublist of a list

Related topics