From f7a8d31d6ae8c168e34eac765aa976ec99299277 Mon Sep 17 00:00:00 2001 From: jaymode Date: Mon, 19 Oct 2015 09:48:54 -0400 Subject: [PATCH] update the wording around filtered aliases and document level security Also, remove an extra period in DLS/FLS section title. Closes elastic/elasticsearch#542 Closes elastic/elasticsearch#798 Original commit: elastic/x-pack-elasticsearch@a1556b37c7b63c9cc45dd3fd2101100f5fac920f --- shield/docs/public/granting-alias-privileges.asciidoc | 4 ++-- .../setting-up-field-and-document-level-security.asciidoc | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/shield/docs/public/granting-alias-privileges.asciidoc b/shield/docs/public/granting-alias-privileges.asciidoc index 0eebef2eeb0..e5b38e82303 100644 --- a/shield/docs/public/granting-alias-privileges.asciidoc +++ b/shield/docs/public/granting-alias-privileges.asciidoc @@ -97,5 +97,5 @@ curl -XPOST 'http://localhost:9200/_aliases' -d ' ==== Filtered aliases Aliases can hold a filter, which allows to select a subset of documents that can be accessed out of all the documents that -the physical index contains. Filtered aliases allow to mimic document level security, but have limitations. Please read -the <> section to know more. +the physical index contains. These filters are <> and should not be used +in place of <>. diff --git a/shield/docs/public/setting-up-field-and-document-level-security.asciidoc b/shield/docs/public/setting-up-field-and-document-level-security.asciidoc index 88224c8c727..cb6ecc82b3a 100644 --- a/shield/docs/public/setting-up-field-and-document-level-security.asciidoc +++ b/shield/docs/public/setting-up-field-and-document-level-security.asciidoc @@ -1,5 +1,5 @@ [[setting-up-field-and-document-level-security]] -=== Setting Up Field and Document Level Security. +=== Setting Up Field and Document Level Security You can control access to data within an index by adding field and document level security permissions to a role. Field level security permissions restrict access to particular fields within a document. @@ -111,6 +111,7 @@ When field level security is enabled for an index: * The query cache and the request cache are disabled for search requests. * The update API is blocked. An update request needs to be executed via a role that doesn't have field level security enabled. +[[document-level-security]] ==== Document Level Security Enabling document level security restricts which documents can be accessed from any document based API. @@ -165,6 +166,6 @@ When document level security is enabled for an index: * The get, multi get, termsvector and multi termsvector APIs aren't executed in real time. The realtime option for these APIs is forcefully set to false. * Document level security isn't applied for APIs that aren't document based oriented. For example this is the case for the field stats API. * Document level security doesn't affect global index statistics that relevancy scoring uses. So this means that scores are computed without taking the role query into account. - Note that, documents not matching with the role query are never returned. + Note that documents not matching with the role query are never returned. * The `has_child` and `has_parent` queries aren't supported as role query in the `roles.yml` file. The `has_child` and `has_parent` queries can be used in the search API with document level security enabled. \ No newline at end of file