In our application we have the need to restrict access to data. We would like to use filters for that. The filtered alias<http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-aliases.html> seems like a nice way to do that and my original thought was to simply create an alias for each user and then add a filter to it as needed.
That would work quite nicely, however we split the content potentially across many indices (think logstash and it's default per day index). Sadly a filter alias can only point to one index (wildcards don't seem to work in the 'index' either), which I assume is due to making it also work for document posting and updates .... With that said, is there something obvious I'm missing to get the desired functionality of applying/forcing a filter dependent on a user? Right now I'm considering 2 choices: 1) create per user aliases for each index they should have access to and then running the _search against /<user>_*/. That seems like it quickly becomes hard to scale and manage 2) store the user filters in ES and having a shim that inserts them at query time. Right now I already use a shim to authenticate via an HTTP header token through an nginx proxy Any thoughts and opinions would be most welcome. \@matthias -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9001455a-f75a-4161-b475-9d2d266369cc%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
