Our platform has millions users. We want to let each user can query their own account data, like the support ticket they opened, the orders they placed. It is easy to index these data by Elastic search, but how can we manage the security, to make sure one account info will only be return when the search is triggered by related account?
Which means account A will never be able to search account B's data out.
Any comments/ tips for the architecture are appreciated.