Elastic search per user access control to document


Problem description

I'm using ElasticSearch 7.1.1 as a full-text search engine. At the beginning all the documents are accessible to every user. I want to give users the possibility to edit documents. The modified version of the document will be accessible only to the editor and everyone else will only be able to see the default document.

To do this I will add two arrays to every document:

  • an array of the users who cannot see the document
  • an array of the only users who can see the document

Every time someone edits a document I will:

  • add the user who made the edit to the list of excluded users
  • create a document containing the edited content that is available only to that user.

This way in the index I'll have three types of documents:

  1. documents accessible to everyone
  2. documents accessible to everyone except some users
  3. documents accessible only to a specific user

I use ElasticSearch not only to fetch documents but also to calculate live aggregations (e.g. sums of some field), so at query time I will be able to fetch user-specific documents.

I don't expect a lot of edits, less than 1% of the total documents.

Is there a smarter, and less query intensive, way to obtain the same results?
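
The query-time filter that the two-array scheme above implies, as an added example that is not part of the original post. The field names `excluded_users` and `only_users`, their keyword mapping, and the sample documents are assumptions made for illustration.

```python
# Added illustration. Field names `excluded_users` / `only_users` are assumed
# (keyword-mapped); the question does not name its two arrays.

def visibility_filter(user):
    """Match the three document types from the question for one user."""
    return {"bool": {
        "should": [
            # Types 1 and 2: no allow-list and the user is not excluded.
            # `exists` is false for a missing field and for an empty array.
            {"bool": {"must_not": [
                {"exists": {"field": "only_users"}},
                {"term": {"excluded_users": user}},
            ]}},
            # Type 3: the user is on this document's allow-list.
            {"term": {"only_users": user}},
        ],
        "minimum_should_match": 1,
    }}

def scoped_search(user, query, aggs=None):
    """Wrap a search so hits AND aggregations only cover visible documents.
    `user` must come from the authenticated session, never from the request body."""
    body = {"query": {"bool": {"must": [query],
                               "filter": [visibility_filter(user)]}}}
    if aggs:
        body["aggs"] = aggs
    return body

def visible(doc, user):
    """Pure-Python model of visibility_filter, for checking the rule offline."""
    only = doc.get("only_users") or []
    if only:
        return user in only
    return user not in (doc.get("excluded_users") or [])

def visible_sum(docs, user, field):
    """What a `sum` aggregation under the filter would return for this user."""
    return sum(d[field] for d in docs if visible(d, user))

# Constructed sample index: doc 2 was edited by alice.
DOCS = [
    {"id": "1", "amount": 10},
    {"id": "2", "amount": 20, "excluded_users": ["alice"]},
    {"id": "2-alice", "amount": 25, "only_users": ["alice"]},
]

if __name__ == "__main__":
    print(scoped_search("alice", {"match": {"title": "report"}},
                        {"total": {"sum": {"field": "amount"}}}))
    print(visible_sum(DOCS, "alice", "amount"), visible_sum(DOCS, "bob", "amount"))
```

Because the visibility clause sits in the `filter` of the top-level query, the same body scopes both the hits and any aggregation computed over them.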

Recommended answer

With that you can define roles that restrict the read-access to certain documents that match a query (e.g. you could use the id of the document).

So instead of updating the documents each time via your proposed array-solution, you would instead update the role respectively granting the roles to the particular users. This would of course require that every user has an elasticsearch user.

This feature is the only workaround to fulfill your requirements that Elasticsearch brings to the table "out of the box" as far as I know.

I hope I could help you.
