Get full access to Learning Elastic Stack 6.0 and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Document-level security or field-level security

Now that we know how to create a new user, create a new role, and assign roles to a user, let's explore how security can be imposed on documents and fields for a given index/document.

The sample data that we imported before, at the beginning of this chapter, contained two indexes: employee and department.

Use Case 1: When a user searches for employee details, the user should not be able to find the salary/address details contained in the documents belonging to the employee index.

This is where field-level security helps. Let's create a new role (employee_read) with read index privileges on the employee index. To restrict the fields, choose the fields that are allowed to be accessed by the user ...

Get Learning Elastic Stack 6.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now