Hi Mark, could you please elaborate in a little more detail on how this could be done? Would you suggest indexes per application and tie them together via aliases? Still wonder how this could be integrated into Kibana...

Best regards,
Philipp

On Friday, 27 March 2015 10:17:37 UTC+1, Mark Walkom wrote:
> Aliases + shield will definitely do this.
>
> On 27 March 2015 at 19:39, Philipp R. <[email protected]> wrote:
>
>> I am currently investigating the ELK (Elasticsearch, Logstash, Kibana)
>> stack for centralized log file analysis.
>>
>> The plan is to store logs of multiple applications in the same
>> Elasticsearch cluster using logstash and day-based indexes.
>>
>> All documents contain a field called application, e.g. "application": "superapp".
>>
>> Now we are looking for a way to implement access control like this:
>>
>> *A) Superuser:* is able to see log entries of all applications.
>>
>> *B) Developer:* can only see log entries of the applications he is
>> allowed to. For example the dev team for application "superapp" should only
>> be able to see the entries for this application.
>>
>> To wrap it up: we need access control based on the value in the field
>> application.
>>
>> While reading the documentation for Elasticsearch and Shield I could not
>> find an obvious way to do it.
>>
>> Any ideas how we could realize this in a way that would also work with
>> Kibana 3 and 4?
>>
>> My first idea was to use aliases which are being automatically assigned
>> to documents using index templates. I am wondering if this is the right
>> direction.
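The approach discussed in this thread (one filtered alias per application, attached to each daily index by an index template, with developer roles granted read access to the alias only), as an added example that is not part of the original messages. The `logs-<app>` alias names, the role names, the template name `app_aliases` and the `roles.yml` layout are assumptions, and the `term` filter assumes `application` is indexed as an exact, not-analyzed value.

```python
import json

INDEX_PATTERN = "logstash-*"   # Logstash's default daily index naming

def alias_name(app):
    return "logs-" + app       # hypothetical alias naming scheme

def build_template(apps):
    """Index template body: every new daily index gets one filtered alias per app."""
    return {
        "template": INDEX_PATTERN,
        "aliases": {
            alias_name(app): {"filter": {"term": {"application": app}}}
            for app in apps
        },
    }

def build_roles(team_apps):
    """Map role -> {index or alias name: privilege}. Developer roles name only
    aliases; granting them INDEX_PATTERN as well would bypass the filter."""
    roles = {"log_superuser": {INDEX_PATTERN: "read"}}
    for team, apps in team_apps.items():
        roles[team] = {alias_name(app): "read" for app in apps}
    return roles

def roles_yml(roles):
    """Render roles in the roles.yml layout assumed here for Shield 1.x."""
    lines = []
    for role, grants in roles.items():
        lines += [role + ":", "  indices:"]
        lines += ["    '%s': %s" % (name, priv) for name, priv in grants.items()]
    return "\n".join(lines) + "\n"

def visible(docs, grants, template):
    """Simulate which documents a role can read through its grants."""
    allowed = set()
    for name in grants:
        if name == INDEX_PATTERN:
            return list(docs)              # unfiltered access to the raw indices
        term = template["aliases"][name]["filter"]["term"]
        allowed.add(term["application"])
    return [d for d in docs if d["application"] in allowed]

if __name__ == "__main__":
    teams = {"superapp_dev": ["superapp"]}             # constructed sample
    print("PUT /_template/app_aliases")
    print(json.dumps(build_template(["superapp", "otherapp"]), indent=2))
    print(roles_yml(build_roles(teams)))
```

In Kibana, a developer would then point the index pattern at the alias (here `logs-superapp`) rather than at `logstash-*`.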
