Besides index and document type based access, is it possible to do search based access? Need to narrow access down to a single application within an index and splitting it out in a new index is not an option.
Hi - what exactly do you mean by “search based access”? Do you mean allow/deny access based on a particular query, in addition to the role-based index level access? If this is the case, no, this is currently not supported.
But I’m curious about your actual use case here - maybe you can achieve it in some other ways? You write:
" narrow access down to a single application"
so that would imply that you can create a specific user / role for this application and narrow access down to that one index. Or did I understand something wrong here?
···
On Friday, September 14, 2018 at 12:28:28 PM UTC+2, Jasper Nygaard wrote:
Besides index and document type based access, is it possible to do search based access? Need to narrow access down to a single application within an index and splitting it out in a new index is not an option.
Hi - ok - thanks for the reply. This is a log cluster with multiple applications logging to the same index pattern. Looks like I have to move the particular application to a separate index.
Thanks
mandag den 17. september 2018 kl. 15.33.53 UTC+2 skrev Jochen Kressin:
···
Hi - what exactly do you mean by “search based access”? Do you mean allow/deny access based on a particular query, in addition to the role-based index level access? If this is the case, no, this is currently not supported.
But I’m curious about your actual use case here - maybe you can achieve it in some other ways? You write:
" narrow access down to a single application"
so that would imply that you can create a specific user / role for this application and narrow access down to that one index. Or did I understand something wrong here?
On Friday, September 14, 2018 at 12:28:28 PM UTC+2, Jasper Nygaard wrote:
Besides index and document type based access, is it possible to do search based access? Need to narrow access down to a single application within an index and splitting it out in a new index is not an option.
If you can identify the logs from that one application by a field in the log documents, you can use document level security to apply a respective filter query. However, that’s an enterprise feature. With the community edition, I guess you need to create a separate index for your use case.
···
On Tuesday, September 18, 2018 at 7:07:47 PM UTC+2, Jasper Nygaard wrote:
Hi - ok - thanks for the reply. This is a log cluster with multiple applications logging to the same index pattern. Looks like I have to move the particular application to a separate index.
Thanks
mandag den 17. september 2018 kl. 15.33.53 UTC+2 skrev Jochen Kressin:
Hi - what exactly do you mean by “search based access”? Do you mean allow/deny access based on a particular query, in addition to the role-based index level access? If this is the case, no, this is currently not supported.
But I’m curious about your actual use case here - maybe you can achieve it in some other ways? You write:
" narrow access down to a single application"
so that would imply that you can create a specific user / role for this application and narrow access down to that one index. Or did I understand something wrong here?
On Friday, September 14, 2018 at 12:28:28 PM UTC+2, Jasper Nygaard wrote:
Besides index and document type based access, is it possible to do search based access? Need to narrow access down to a single application within an index and splitting it out in a new index is not an option.