[[set-security-user-processor]] ==== Pre-processing documents to add security details // If an index is shared by many small users it makes sense to put all these users // into the same index. Having a dedicated index or shard per user is wasteful. // TBD: It's unclear why we're putting users in an index here. To guarantee that a user reads only their own documents, it makes sense to set up document level security. In this scenario, each document must have the username or role name associated with it, so that this information can be used by the role query for document level security. This is a situation where the {ref}/ingest-node-set-security-user-processor.html[Set Security User Processor] ingest processor can help. NOTE: Document level security doesn't apply to write APIs. You must use unique ids for each user that uses the same data stream or index, otherwise they might overwrite other users' documents. The ingest processor just adds properties for the current authenticated user to the documents that are being indexed. The {ref}/ingest-node-set-security-user-processor.html[set security user processor] attaches user-related details (such as `username`, `roles`, `email`, `full_name` and `metadata` ) from the current authenticated user to the current document by pre-processing the ingest. When you index data with an ingest pipeline, user details are automatically attached to the document. For more information see {ref}/ingest.html[Ingest node] and {ref}/ingest-node-set-security-user-processor.html[Set security user processor].