Reputation: 1839
elasticsearch: allow discovery of document, without exposing source?
I'm trying to set up elasticsearch so that it allows users to discover the existence of documents, without having access to the document itself. For example, imagine a site that aggregates academic articles: they allow full-text search over the body, but only present the abstract.
I am trying to set up a system where different user groups have access to different documents, but everyone has access to the entire index.
What is the path of least resistance for me to set up restricted content search on elasticsearch? Is it a setting? A plugin? Write my own plugin? Fork?
Upvotes: 0
Views: 71
Answers (1)
Reputation: 2998
To answer first part of your query,
First way: You can disable returning _source field for particular query by this.
{
"_source": false,
"query": {
"term": {
"user": "kimchy"
}
}
}
Second way: If you never want to see _source field, you can disable storing it.
{
"tweet": {
"_source": {
"enabled": false
}
}
}
Second part, you mentioned
I didn't exactly get your requirements but Shield can be useful if you want simple authentication, role based access control so some set of users can't modify documents and so on.
If you have your user-facing system, you can achieve it simply by adding access permission field in each document and mapping the permissions with user. Then you can use the filters when searching for documents. This is in-case if you don't get into details of Shield.
Upvotes: 2
Related Questions
- Elastic Search Document Level Security
- How to store data in elasticsearch _source but not index it?
- How to index a field in elasticsearch but not store it in _source?
- Elasticsearch - searching through document keys
- Elasticsearch fields only for _source
- Hide a document from the searching in Elasticsearch
- Protecting data in elastic search
- Document access control in ElasticSearch
- Query documents with access control filter
- Elasticsearch: private user documents