User Access Security for your Data
A recent news article speaks about a data breach containing information of about 1.2 billion unique people, making it the largest breach by a single source in history. A lot of these recent data breaches have involved unsecured elasticsearch servers.
At SearchBlox, we believe that with larger data access for search comes greater responsibility and that’s why we provide multiple security layers for you to customize your data access permissions and make them more secure. Using our interface you can easily customize access permissions for anyone from a public user to an employee to securely search enterprise data.
User Access based on Role
Global User Access
This data can be accessed by anyone right from an anonymous public user to your own authenticated employee. Examples of this data can be your marketing websites, public, and product websites.
Profile-based User Access
This type of data can only be searched by an authenticated and authorized employee of the company and the data search is allowed based on the level of the person accessing it, for example, VP, Director, Manager, Customer, and Employee of your company. This helps preserve the confidentiality of your data.
Group-based User Access
This option is used to segment the searchability of your data based on the Group the user is assigned to like Marketing, Sales, HR, Finance. This setting assures you that your data is available for the right group of people who need it.
Group-based User Access
This special permission helps you configure data access or searchability on a specific per user basis.
User Access Based on Elasticsearch Index Types
Security starts with defining requirements for various types of users to access the search index. Here are the different types of Index access we provide.
Public Search Access
Any anonymous user can search the data without any authentication or login required.
Authenticated Search User Access
Only users who are authenticated and are logged into the system can search for data or will be allowed only after authentication.
Collection/ Index/ Repository search Access
The user needs to be authenticated and authorized first and based on the authorization of the user he/she will be allowed to search for collections that are available for them.
Document-level Access
This control helps secure the accessibility of your data up to the document level. Only users with specific roles, groups, and designation can search for documents that are restricted to all others.
Sub-Document level access
This type of configuration gives you the power to control the secure access of data to the sub-document level for different users who may see different parts of the same record or document. For example, a document may contain financial information that is searchable to all users but sensitive data is displayed to authorized users.
