Than you for response @Sean_Story !
In my use case I want indeed fronend to talk directly with elsticsearch and perform simple searches/aggreagations directly.
I red the blog you mentioned and as I understood from your implemenation, the solution is to create backend service which will return API key with validity of 1 hour, frontend will request this APIKey and use it when calling the elastic for some _search
I think it is working, but cumbersome solution. We need to implement additional service to generate user keys and we need to set some short validity interval for such API Keys. Plus, it means we would also need to implement some ApiKey refresh mechanism and monitor key validity.
In would be much easier for me if can set it in role and user role mapping for assignment of roles to user during authorisation process. It will also work with document-level security.
The only trouble I have right now -- it is not possible to define in role definition configuration like this:
"restriction": {"workflows": ["search_application_query"]},
Or am I misisng something?
We are using elastic cloud, currently on 8.15.3 version