Skip to content

Add steps to configure document and field level security in Serverless #3950

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add steps to configure document and field level security in Serverless #3950

wants to merge 5 commits into from

Conversation

@yetanothertw
Copy link
Contributor

@yetanothertw yetanothertw commented Nov 17, 2025
edited
Loading

Fixes #426

On the Controlling access at the document and field level page, I've added:

  • a new section for configuring document-level security in Serverless PREVIEW HERE
  • a new section for field-level security configuration in Serverless PREVIEW HERE

@yetanothertw yetanothertw self-assigned this Nov 17, 2025
@github-actions
Copy link

github-actions bot commented Nov 17, 2025
edited
Loading

🔍 Preview links for changed docs

@yetanothertw yetanothertw marked this pull request as ready for review November 17, 2025 14:33
@yetanothertw yetanothertw requested a review from a team as a code owner November 17, 2025 14:33
shainaraskas
shainaraskas requested changes Nov 17, 2025
View reviewed changes
Copy link
Collaborator

@shainaraskas shainaraskas left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

porting comment over from your other PR + some additional feedback

we have this page now tagged for serverless, but the intro page for user roles doesn't have a serverless tag. these pages should be in conversation with each other: the page at the top of the pile should always be an overview that has a superset of all of the tags of the child pages.

this page needs some structural changes so it's easier to scan - finding the serverless procedures is not intuitive here, and it's not clear that the other pieces of the procedure are for stack only. fix likely is tabs

other sections need to be tagged because some of them don't apply to serverless (e.g. the cross-cluster API keys one - CCS doesn't work for serverless)

@yetanothertw
Copy link
Contributor Author

yetanothertw commented Nov 18, 2025

Hi @shainaraskas, as per your comment, I had another look at all the tagging of the pages in Users and roles and here's what stands out:

  1. The top-level parent Users and roles includes a Serverless tag.

  2. The next high-level parent is Cluster or deployment which doesn't include a Serverless tag. This page also introduces Controlling access at the document and field level amongst other user authorization topics that are Stack-specific (not Serverless):

image
  1. The next parent doc after that is User roles and the only child pages that apply to Serverless are: Elasticsearch privileges (which is a cross-repo link to the Reference section) and Controlling access at the document and field level.

Suggestion

It almost seems like these new steps I've added would be better placed in this section in the Serverless project custom roles doc. So I'm suggesting to move them there, and only keep the note that links to it in the Controlling access at the document and field level:
image

What do you think? Would it make more sense to keep the Serverless docs separate and avoid introducing more confusion?

@shainaraskas
Copy link
Collaborator

shainaraskas commented Nov 18, 2025
edited
Loading

to me, this is a signal that the page is possibly badly placed in the IA. we also really need the queries to be visible to people configuring document and field level security for serverless. consider:

  • putting the query stuff in snippets and xlinking between the pages
  • reparenting this page a little higher up so it's accessible to both contexts (this might be my preference?)
  • changing the applies tags on the parent page, and applying tags to child sections on that parent page as needed

suspect stuff like run_as might have similar problems to the doc/field level access page, so keep that in mind when choosing a solution

my guiding principle is generally "if someone googles this, what is the easiest way for them to land in the correct place?" generally, keeping the info together is the path of least resistance for readers.

maggieghamry
maggieghamry approved these changes Nov 18, 2025
View reviewed changes
Copy link
Contributor

@maggieghamry maggieghamry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shainaraskas shainaraskas shainaraskas requested changes

@maggieghamry maggieghamry maggieghamry approved these changes

@kilfoyle kilfoyle Awaiting requested review from kilfoyle

Requested changes must be addressed to merge this pull request.

Assignees

@yetanothertw yetanothertw

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@yetanothertw @shainaraskas @maggieghamry