Nice job adding document level security to Shield! However it is a little cumbersome to create queries for every user. Any chance you would add integration with authentication realms for generating custom queries? What I have in mind here is the Elasticsearch plugin for ManifoldCF. It retrieves a list of access/deny tokens for a user from an authentication provider, and adds these as filters to the current query. It would be really nice if Shield could provide a security solution that would work seamlessly together with ManifoldCF .
Great question! We certainly do have plans to make it a lot easier to configure for large sets of users. Our planned approach would be to allow templating in the document-level security definition, so you could reference properties of a user. I'd love to see if this approach would meet your needs.
In that way, you could create a single role that that has a document-level security query that references the user and group SIDs of an AD user, for example. Then you could assign that single role to all users, and you would have document-level security based on the user properties.
This planned feature isn't geared specifically toward ManifoldCF (there are lots of use-cases for this), but I think it should work in that scenario. Does this sound like an approach that would work for you?
Using templates for generating security definitions sound exactly like what I'm looking for.
I believe it would work for ManifoldCF, and it could help moving Elasticsearch into an enterprise search context.
Nice to know you are going in this direction! Thanks!