The following super types are searchable within Elasticsearch using the Search Screen in the Web UI:
Refer to the Creating and Maintaining an Elasticsearch Configuration topic for additional information.
Considerations, Limitations, and Recommendations for STEP Privileges
Elasticsearch Permissions and STEP Privileges includes the following limitations:
Full-text Search Results Can Include Hidden Values
When a Data Specification is configured as ‘Full Text’ or ‘ID Query’ in the Elasticsearch configuration, the search result will not exclude objects where the user is not allowed to view the value being searched on, as long as the user is allowed to view the object. However, the search result will only display the values the user is allowed to view. Because of this, a user may be able to conclude a value without being able to view it.
Example:
-
Joe is privileged to view product with ID 123456 and Name of 'Blue Shoe'.
-
Product with ID 123456 has an attribute of Description with a value of 'This is a blue shoe with Velcro fastener'.
-
Joe is not privileged to view values of the Description attribute for product with ID 123456.
Joe searches for 'Velcro'. The search result contains product with ID 123456 but does not display the value 'This is a blue shoe with Velcro fastener.'
For details on Full-text and ID Query searches, refer to the Creating and Maintaining an Elasticsearch Configuration topic and the Search Screen Search Bar topic.
Note: Use caution when setting both Full Text and User Group Permissions on the Elasticsearch Configuration to avoid unexpected search results.
Facets Can Include Hidden Attribute Values
Data Specification configured as ‘Displayed Data’ in the Elasticsearch configuration allows users to view the data as a facet. When this is configured, the facet’s dropdown will not exclude values the user is not privileged to view when those values originate from objects the user is privileged to view. When the user filters by such a value, the search result will not exclude objects where the user is not allowed to view the value being filtered on; however, the search result will only display the values the user is allowed to view. Because of this, a user may be able to conclude a value without being able to view it.
Example:
-
Joe is privileged to view product with ID 123456 and Name of 'Blue Shoe'.
-
Product with ID 123456 has an attribute of Risk Classification with a value of 'High'.
-
Joe is not privileged to view values of the Risk Classification attribute for product with ID 123456.
Joe expands the facet of the Risk Classification attribute. The value of ‘High’ is presented and the count of objects with the value ‘High’ includes product with ID 123456. If Joe selects the value of ‘High’ in the facet, the search results will contain product with ID 123456 but will not display the value (High) of the Risk Classification attribute for the product with ID 123456.
User Group Permissions for Data Specifications
Setting a User Group as ‘User Group Permissions’ for a Data Specification defined in the Elasticsearch configuration limits the availability of this Data Specification as ‘Displayed Data’ to the selected User Group.
Note: Setting a User Group as 'User Group Permissions' for a Data Specification does not limit the data specification's availability as Full Text or ID Query.
