https://training-course-material.com/index.php?action=history&feed=atom&title=Elasticsearch
Elasticsearch - Revision history
2026-05-02T18:54:45Z
Revision history for this page on the wiki
MediaWiki 1.45.1
https://training-course-material.com/index.php?title=Elasticsearch&diff=37938&oldid=prev
Bernard Szlachta: /* Query Rewrite⌘ */
2016-08-02T07:53:20Z
<p><span class="autocomment">Query Rewrite⌘</span></p>
<p><b>New page</b></p><div>[[Category:Elasticsearch]]<br />
<br />
<br />
<slideshow style="nobleprog" headingmark="⌘" incmark="…" scaled="true" font="Trebuchet MS" ><br />
;title: Elasticsearch<br />
;author: Bernard Szlachta 安博 (NobleProg Ltd)<br />
</slideshow><br />
{{Can I use your material}}<br />
<br />
==Elasticsearch Access Control⌘==<br />
# Access Control in ES (least secure)<br />
## Shield<br />
## Bespoke module<br />
# Key-based bespoke - API Wrapper (fairly secure)<br />
## Query Rewrite<br />
## Query Filter<br />
# Separate Servers (super secure)<br />
;Other<br />
# Network gateways<br />
# Searchable data and encrypted data<br />
# Backups of classified information<br />
<br />
== Access Control in ES ⌘==<br />
=== Shield ⌘===<br />
* ES plugin<br />
* not free<br />
* index level<br />
* document level<br />
* field level<br />
* URL based access<br />
* audit trail<br />
* SSL/TSL encription (without cluster)<br />
more https://www.elastic.co/guide/en/shield/current/configuring-rbac.html<br />
<br />
=== Shield: Index Level ⌘===<br />
{<br />
"current_year_read": {<br />
"cluster":[],<br />
"indices":[{<br />
"names":["current_year"],<br />
"privileges":["read"]}],<br />
"run_as":[]<br />
}<br />
}<br />
<br />
=== Shield: Document Level ⌘===<br />
<br />
POST /_shield/role/my_dls_role<br />
{<br />
"indices": [<br />
{<br />
"names": [ "index1", "index2" ],<br />
"privileges": ["read"], <br />
"query": {"term" : {"department_id" : "12"}} <br />
}<br />
]<br />
}<br />
=== Shield: Field Level ⌘===<br />
POST /_shield/role/my_fls_role<br />
{<br />
"indices": [<br />
{<br />
"names": [ "index1", "index2" ],<br />
"privileges": ["read"], <br />
"fields": [ "title", "body" ]<br />
}<br />
]<br />
}<br />
<br />
cannot control other modules or upgrades - no way of assuring security<br />
=== Access Control in ES - pros and cons ⌘===<br />
;Pros<br />
* no need of separate code<br />
* arguably the fastest method<br />
;Cons<br />
* only standard API comply, other modules simply ignore Shield<br />
* upgrading and compatibility problems<br />
* hard to test<br />
<br />
=== Other in ES ===<br />
* Scripts in ES<br />
** Versioning, unit testing?<br />
<br />
== API Wrapper ⌘==<br />
* Query Rewrite<br />
* Result Filter<br />
* Aggregated Result Problem<br />
;Pros<br />
* Existing permission system (e.g. application permission system, LDAP, etc...) can be implmeneted<br />
;Cons<br />
* Needs to be develop<br />
* Speed (arguably)<br />
<br />
=== Query Rewrite⌘ ===<br />
GET _search<br />
{<br />
"query": {<br />
"match_all": {}<br />
}<br />
}<br />
;BECOMES<br />
GET _search {<br />
"query": {<br />
"bool": {<br />
"must": {<br />
"match_all": {}<br />
},<br />
"filter": {<br />
"term": {<br />
"roles": "managers"<br />
}}}}}<br />
<br />
=== Query Rewrite⌘ ===<br />
;Pros<br />
# Very fast (almost no impact on performance)<br />
# Upgrading ES have almost no impact on the logic and security <br />
# Full control on how queries are rewritten<br />
# Bespoke way handling aggregation (e.g. allow users to see totals of sales in departments, but not concrete documents)<br />
;Cons<br />
# Becoming more complex with complex queries (e.g. aggregation)<br />
# May be tricky to test<br />
<br />
=== Filter API Wrapper ⌘ ===<br />
* Filtering takes place in the API Wrapper<br />
;Pros<br />
* Full control over results<br />
* Very easy to test<br />
;Drawbacks<br />
* Poor Performance<br />
<br />
==Elasticsearch Performance Testing with JMeter ⌘==<br />
* JMeter - example with recording post and playing them up<br />
* Use Chrome plugin<br />
[[:Category:JMeter]]</div>
Bernard Szlachta