github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-24 23:27:25 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/security/authorization/set-security-user.asciidoc
James Rodewig 255c9a7f95
[DOCS] Move x-pack docs to docs/reference dir (#99209) 
**Problem:**
For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`. 

**Solution:**
- Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory
- Update doc snippet tests to use security

Rel: https://github.com/elastic/platform-docs-team/issues/208
2023-09-12 14:53:41 -04:00

28 lines
1.6 KiB
Text
Raw Permalink Blame History

[[set-security-user-processor]]
==== Pre-processing documents to add security details
// If an index is shared by many small users it makes sense to put all these users
// into the same index. Having a dedicated index or shard per user is wasteful.
// TBD: It's unclear why we're putting users in an index here.
To guarantee that a user reads only their own documents, it makes sense to set up
document level security. In this scenario, each document must have the username
or role name associated with it, so that this information can be used by the
role query for document level security. This is a situation where the
<<ingest-node-set-security-user-processor,set security user processor>> ingest processor can help.
NOTE: Document level security doesn't apply to write APIs. You must use unique
ids for each user that uses the same data stream or index, otherwise they might overwrite other
users' documents. The ingest processor just adds properties for the current
authenticated user to the documents that are being indexed.
The <<ingest-node-set-security-user-processor,set security user processor>> attaches user-related details (such as
`username`, `roles`, `email`, `full_name` and `metadata` ) from the current
authenticated user to the current document by pre-processing the ingest. When
you index data with an ingest pipeline, user details are automatically attached
to the document. If the authenticating credential is an API key, the API key
`id`, `name` and `metadata` (if it exists and is non-empty) are also attached to
the document.
For more information see <<ingest>> and
<<ingest-node-set-security-user-processor>>
Reference in a new issue View git blame Copy permalink