How to provide document and field level access to elasticsearch users in python

I have a user specific json, that provides info as to what fields and documents should be accessible by particular user for a particular index. Now whenever that user tries to load that index in python workspace using elasticsearch-py client, they should only be able to access and modify those fields and documents and not the complete index.
I need to implement this functionality without using pyspark. In spark I’m able to achieve this by automatically loading subset of the index (called df in below code) for the user, without the user having access of complete index:

val df = spark.read.format("org.elasticsearch.spark.sql")
             .option("es.resource", index)
             .option("es.read.field.exclude", list_of_inaccessible_fields)  // es.read.field.include is also an option
             .option("es.query", queryString)  // this query can filter documents based on values for particular fields
             .load()

I intend to create a python module as an authorization middleware, that is invoked every time user tries to read/write from/to an index and works by parsing access info from user-json and masking the original index. Changes to this approach and entirely different approaches are welcome as well!
Thanks in advance!!

PS: I’am also open to using elasticsearch-dsl, if it helps

Source: Python Questions

LEAVE A COMMENT