psaiz
(Psaiz)
May 4, 2017, 11:45am
1
Hi Simone,
SHIELD offers document level security like [1]. The basic idea is that it can restrict which documents inside an index can be read following an elasticsearch query like
"query" : {
"term" : { "department_id" : 12 }
and then, that rule will filter the results to give back only those documents that satisfy the extra condition.
Would it be possible to have something similar in ROR?
Thanks,
pablo
[1] Setting Up Field and Document Level Security | X-Pack for the Elastic Stack [6.2] | Elastic
I would use it today
Good to have
Uninterested
2 Likes
fbaligand
(Fabien Baligand)
November 8, 2017, 5:44pm
2
Here is the matching github issue :
opened 03:34PM - 07 Jul 17 UTC
closed 08:22AM - 25 Aug 18 UTC
It would be great to add support for document level security.
I mean having t… he ability to limit the documents that are readable for a user.
In the configuration, something like that :
```
- name: myname
type: allow
indices: [".kibana"]
query: '{ "bool": { "must_not": { "match": { "title": "A confidential dashboard" }}}}}'
```
sscarduzio
(Simone Scarduzio)
March 24, 2018, 8:03pm
3
You might want to keep an eye on this PR
sscarduzio:master
← rvibrac:filtering
opened 01:28PM - 23 Mar 18 UTC
Hi,
This pull request allows to set up document level security.
I kept it re… ally simple for now, I added a new property to the rule named 'filter'.
You put a DLS query and it will wrap this query to the ES query if the rule is matched.
For example:
```yaml
access_control_rules:
- name: Just certain indices, and read only
actions: ["indices:data/read/*"]
indices: ["product_catalogue-*"]
filter: ""{\"bool\": {\"must\": [{\"term\": {\"name\": {\"value\": \"test\"}}}]}}""
```
So if the rule is matched, it will filter all the documents that have the 'name' equals to 'test'
Regards,