Elasticsearch Searchable Data Setup Options

For STEP data to be displayed in the Web UI faceted Search Screen, it must meet the conditions for the searchable data setup type implemented for Elasticsearch during the initial set up:

Note: Elasticsearch can display product, classification, and/or asset data only, based on configuration.

  • Elasticsearch Permissions and STEP Privileges - in this recommended option, data is included in Elasticsearch based on the STEP user privilege settings defined below. Faceted search result values are visible based on the User Group Permissions column of the Elasticsearch Configuration wizard. This option gives greater control of access to data in the Search Screen than the legacy option allows.

  • Legacy Products Linked to Classifications - products are only included in Elasticsearch when linked to privileged classifications. This option gives poor support of STEP privileges, minimal control of access to products in the faceted Search Screen and is not recommended.

Use one of the following ways to verify that your system is using the recommended Elasticsearch Permissions and STEP Privileges option and not the legacy option:

  • In workbench, open the active Elasticsearch Configuration object and ensure that the User Group Permissions column is displayed on the Data Specifications step.

  • From the Start Page, click the STEP System Administration link, provide login information, and click the 'Fetch data' button on the Configuration tab. For more information, refer to the Configuration topic in the Administration Portal documentation here.

Finish activation of the desired searchable data setup type by completing the steps defined in the Initial Setup for Elasticsearch topic here.

Important: Before starting the configuration outlined in this topic, contact your Stibo Systems account manager or partner manager for assistance. Activation and configuration for the faceted Search screen, Elasticsearch, and corresponding components / functionality should not be done without the assistance of Stibo Systems.

Elasticsearch Permissions and STEP Privileges

With this option, the faceted Search Screen uses the STEP User Privilege settings defined below to filter out node data displayed on the Search Screen. Although privilege rules for attribute groups are ignored in Elasticsearch, attribute group access can be managed via the User Group Permissions column on the configuration. The User Group Permissions column on the configuration is an extension to user privileges and impacts visibility of individual data specifications.

Important: Once your system is updated from the legacy option to the preferred Elasticsearch Permissions and STEP Privileges option, reverting is not advised. Upgrading to the Elasticsearch Permissions and STEP Privileges option may require additional configuration as defined in the Upgrading the Searchable Data Setup Option section below.

For the active Elasticsearch Configuration object:

  • The faceted Search Screen respects user privileges applied for the following types of privilege rules: action sets, classification hierarchy nodes, object types, product hierarchy node, or dimension points. For more information, refer to the Privilege Rules topic in the System Setup documentation here.

  • Elasticsearch does not support privilege rules for structure nodes (displayed in the User Privileges 'Applies to' column) of entities, collections, or eCatalogs, so privileges rules for these objects do not impact the objects displayed on the Search Screen.

  • Elasticsearch does not support privilege rules for attribute groups. Instead, User Group Permissions set on the Elasticsearch Configuration allow control for each data specification.

  • The faceted Search Screen limits access to any data specification to the user groups displayed in the User Group Permission column. If no groups are defined, all users have access.

Considerations

The Elasticsearch Permissions and STEP Privileges option includes the following functionality:

  • Full-text search results on the faceted Search Screen will include values that may be hidden from the user's view. Consider a data specification with the Full Text option selected and User Group Permissions set in the Elasticsearch Configuration. The Search Screen results will include products that satisfy a full-text search using that data specification even if the attribute is not visible to the user. In other words, although an attribute with the value that meets the full-text search is not displayed in the result set (because the user is not part of the User Group Permissions group selected), the product that contains the attribute value is displayed.

Note: Use caution when setting both Full Text and User Group Permissions on the Elasticsearch Configuration to avoid unexpected search results.

For example, the attribute 'Country' data specification is set for Full Text and its visibility is limited to the 'Sales' user group via the User Group Permissions column.

Two users perform the same search for 'Kingdom' with the following results:

  • Joe, who is not a member of the 'Sales' user group, accesses a product that does not show the value 'kingdom' for any visible attribute. Joe does not view the Country attribute since it is only visible for the 'Sales' user group.

  • Sam, who is a member of the 'Sales' user group, accesses the same product, the 'Country' attribute, and the value of the Country attribute which is 'United Kingdom.'

Additionally, if the 'Country' data specification is also set as a Default Facet, the selections in the User Group Permissions column determine which Search Screen users view that default facet. Continuing with the example above:

  • Joe, who is not a member of the 'Sales' user group, does not have access to the default facet.

  • Sam, who is a member of the 'Sales' user group, does have access to the default facet.

This example shows that restricting access to data via user group permissions does not restrict the results of a search, but instead limits the visibility of the data specification in the result set.

For details on full-text searches, refer to the Creating an Elasticsearch Configuration topic (here) and the Search Screen Search Bar topic (here).

  • The faceted Search Screen uses the STEP User Privileges to filter out node data displayed on the Search Screen, while the User Group Permissions setting on the configuration impacts visibility of individual data specifications. Consider a data specification with Full Text selected and no entries for the User Group Permissions column. The Search Screen results will include products that satisfy the full-text search and that are allowed by the privilege rules.

For example, the 'Outerwear' user group is privileged to view the primary product hierarchy 'Jackets' node but is not privileged to view the 'Swimwear' node. The 'Brand' attribute is valid for both the 'Jackets' node and the 'Swimwear' node. The value 'HiriKahaki' exists for both 'Jackets' and 'Swimwear' products.

Two users perform the same search for 'HiriKahaki' with the following results:

  • Bob, who is a member of the only 'Outerwear' user group, accesses only products in the Jackets node.

  • Tom, who is privileged to view both the 'Jackets' and the 'Swimwear' hierarchies, accesses products from both the Jackets node and the Swimwear node.

Legacy Products Linked to Classifications

The original release of the Elasticsearch faceted Search Screen includes only products linked to privileged classifications.

For the active Elasticsearch Configuration object:

  • The product must be linked into at least one classification that the user is privileged to view.
  • The user must have the 'View product' and 'View classification' user action privileges applied to a particular classification or its parent.

For Elasticsearch results, only user privileges for classifications are respected and are additive. Attribute, object type, and other privileges are not available. For example, a user who has privileges only to Classification A can view the products in that classification. If the same product exists in Classification A and in Classification B, the user can view some of the products from Classification B because of the privileges to Classification A.

Upgrading the Searchable Data Setup Option

When Elasticsearch is configured and running in the Web UI faceted Search Screen, upgrading from the legacy setup option should include the following steps and considerations.

  1. Reindex Elasticsearch to deploy the upgraded functionality. For details, refer to the Reindex the Elasticsearch Database section of the Elasticsearch Publishing topic here.

  2. Optionally, edit the active Elasticsearch Configuration and set the User Group Permissions column to give access to only the listed user groups. For backward compatibility, if no user groups are listed, all users have access to the data specification.

Note: A different number of objects may be available in the Search Screen after upgrading the searchable data setup option since products are no longer required to be linked into a classification. The backward compatibility for the Elasticsearch Permissions and STEP Privileges means that products previously excluded from the Search Screen due to not being linked to a privileged classification are now included in search results.

Once the Elasticsearch Permissions and STEP Privileges setup is enabled, reverting to the Legacy Products Linked to Classifications option is not advised due to the following issues:

  • The legacy classification option does not adequately honor standard STEP privilege rules and requires additional setup not typically necessary to restrict access. The Elasticsearch Permissions and STEP Privileges option is the recommended choice.

  • Assigned User Group Permissions settings are not automatically removed when reverting to the legacy classifications option. This means that the user group settings can continue to have an impact on data available to the Search Screen even after the User Group Permissions column is no longer available in the configuration wizard. To avoid this, all User Group Permissions settings should be removed manually if reverting.

  • Search Screen results will differ drastically if reverting to the legacy classifications option after implementing the Elasticsearch Permissions and STEP Privileges option. To reduce the differences, additional classifications can be created manually prior to reverting to ensure the behavior remains consistent between the options.