psaiz
May 4, 2017, 11:45am
1
Hi Simone,
SHIELD offers document level security like [1]. The basic idea is that it can restrict which documents inside an index can be read following an elasticsearch query like
"query" : {
"term" : { "department_id" : 12 }
and then, that rule will filter the results to give back only those documents that satisfy the extra condition.
Would it be possible to have something similar in ROR?
Thanks,
[1] Setting Up Field and Document Level Security | X-Pack for the Elastic Stack [6.2] | Elastic
I would use it today
Good to have
Uninterested
2 Likes
fbaligand
November 8, 2017, 5:44pm
2
Here is the matching github issue :
opened 03:34PM - 07 Jul 17 UTC
closed 08:22AM - 25 Aug 18 UTC
It would be great to add support for document level security.
I mean having t… he ability to limit the documents that are readable for a user.
In the configuration, something like that :
```
- name: myname
type: allow
indices: [".kibana"]
query: '{ "bool": { "must_not": { "match": { "title": "A confidential dashboard" }}}}}'
```
sscarduzio
March 24, 2018, 8:03pm
3
You might want to keep an eye on this PR
sscarduzio:master ← rvibrac:filtering
opened 01:28PM - 23 Mar 18 UTC
Hi,
This pull request allows to set up document level security.
I kept it re… ally simple for now, I added a new property to the rule named 'filter'.
You put a DLS query and it will wrap this query to the ES query if the rule is matched.
For example:
```yaml
access_control_rules:
- name: Just certain indices, and read only
actions: ["indices:data/read/*"]
indices: ["product_catalogue-*"]
filter: ""{\"bool\": {\"must\": [{\"term\": {\"name\": {\"value\": \"test\"}}}]}}""
```
So if the rule is matched, it will filter all the documents that have the 'name' equals to 'test'
Regards,
