Configuring layer security
Index security
By default, only the sirenadmin user has the permissions to view the map layer indices. To make layers available for other users to configure, you must assign read permissions to their roles.
To configure the permissions, open Access control, click the Roles tab, and add the prefix ?map__* to the allowed indices in index_permissions.
|
This prefix will apply permissions to all map indices. If you want to be more specific, you can add each index to the role individually. |
Document-level security (DLS)
You can configure document-level security on the map indices, which allows only the documents that match the DLS query to be returned.
|
To maintain system performance, run DLS map queries ONLY on the map indices. For more information, see the Search Guard Classic performance considerations. |
Configuring security by spatial path
The following DLS query retrieves only the documents that contain "World Lakes" in their spatial_path parameter:
index_permissions:
- index_patterns:
- '?siren*'
- article
- company
- investment
- investor
fls: []
masked_fields: []
allowed_actions:
- READ
- VIEW_INDEX_METADATA
- index_patterns:
- '?map__*'
dls: '{ "match": { "spatial_path":"World Lakes" } }'
fls: []
masked_fields: []
allowed_actions:
- READ
- VIEW_INDEX_METADATA
Configuring security by geo-shape
The following DLS query retrieves only the documents that are within the specified coordinates:
- index_patterns:
- '?map__*'
dls: >-
{ "geo_shape": { "geometry": { "shape": { "type": "Polygon",
"coordinates": [ [ [ -12.85400390625, 50.680797145321655 ], [
-4.306640625, 50.680797145321655 ], [ -4.306640625, 56.42605447604972 ], [
-12.85400390625, 56.42605447604972 ], [ -12.85400390625,
50.680797145321655 ] ] ] }, "relation": "within" } } }
fls: []
masked_fields: []
allowed_actions:
- READ
- VIEW_INDEX_METADATAConfiguring security by properties fields
The following DLS query retrieves only the documents that are in North America:
- index_patterns:
- '?map__*'
dls: '{ "term": { "properties.CONTINENT.keyword": "North America" } }'
fls: []
masked_fields: []
allowed_actions:
- READ
- VIEW_INDEX_METADATA