I have been trying to find a way to handle document access rights in
Elasticsearch. I have come up with a solution and written a few words
trying to explain it in a blog.
In order to avoid duplication, I'm not going to repeat it all here but the
general idea is to create a script that checks a document's user groups
against a list passed in the query.
I'm posting it here because it would be good to have feedback from people
who know a lot more about elasticsearch than I do. Also, would anyone know
if there is a way of optimising it?
Thanks
In order to avoid duplication, I'm not going to repeat it all here but the
general idea is to create a script that checks a document's user groups
against a list passed in the query.
I'm posting it here because it would be good to have feedback from people
who know a lot more about elasticsearch than I do. Also, would anyone know
if there is a way of optimising it?
Thanks
You're right, I will correct the blog accordingly.
However, if I'm understanding the nginx solution correctly, it does require
that each document is indexed with all the people that can access it or
doesn't it? The downside of that would be that each time a user is added/
removed to/ from a user group then all relevant documents would need to be
re-indexed (which could be massive). Also, there may be thousands or tens
of thousands of people that could access a particular document.
Also, if I decided to use the nginx solution (with user groups instead of
users) then I would still need a custom script to handle "the user must be
a member of this or that combination of user groups" scenario, wouldn't I?
Le lundi 1 décembre 2014 10:30:31 UTC, Jörg Prante a écrit :
From your blog:
"Elasticsearch has no in-built way to say that only certain people can
find certain documents and there's no indication that will change."
This is not true. Elasticsearch is multi-tenant. You can user filter
aliases to forward requests to the docs a tenant is restricted to.
In order to avoid duplication, I'm not going to repeat it all here but
the general idea is to create a script that checks a document's user groups
against a list passed in the query.
I'm posting it here because it would be good to have feedback from people
who know a lot more about elasticsearch than I do. Also, would anyone know
if there is a way of optimising it?
Thanks
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.