Elasticsearch Searchable Data Setup Options
For STEP data to be displayed in the Web UI faceted Search Screen, it must meet the conditions for the searchable data setup type implemented for Elasticsearch during the initial setup:
Note: Elasticsearch can display product, entity, classification, and/or asset data only, based on configuration.
Elasticsearch Permissions and STEP Privileges
With this option, the faceted Search Screen uses the STEP User Privilege settings defined below to filter out node data displayed on the Search Screen. Attribute group access can be managed via the User Group Permissions column on the configuration but is ignored for the filters and the 'Apply to' column. Because of this, some users are able to filter based on attribute values that they are not allowed to view and to view objects that contain the attribute values. The User Group Permissions column on the configuration is an extension to user privileges and impacts visibility of individual data specifications.
For the active Elasticsearch Configuration object:
- The faceted Search Screen respects user privileges applied for the following types of privilege rules: action sets, classification hierarchy nodes, object types, product hierarchy node, or dimension points. For more information, refer to the Privilege Rules topic in the System Setup documentation.
- Elasticsearch does not support privilege rules for structure nodes (displayed in the User Privileges 'Applies to' column) of collections or eCatalogs, so privilege rules for these objects do not impact the objects displayed on the Search Screen.
- Search results do not filter out objects from branches in which the user does not have the privileges required to view its attribute values. However, the search results will hide attribute values that the user does not have permission to view. The user can still search on these values, despite not having permission to view them.
- The faceted Search Screen limits access to any data specification to the user groups displayed in the User Group Permissions column. If no groups are defined, all users have access.
Note: Permissions set on the Elasticsearch configuration only impact facets. Search results only respect STEP default privileges.
Considerations
The Elasticsearch Permissions and STEP Privileges option includes the following functionality:
- Full-text search results on the faceted Search Screen will include objects that may be hidden from the user’s view. Consider a data specification with the Full Text option selected and User Group Permissions set in the Elasticsearch Configuration. The Search Screen results will include objects that satisfy a full-text search using that data specification even if the attribute is not visible to the user. In other words, although an attribute with the value that meets the full-text search is not displayed in the result set (because the user is not part of the User Group Permissions group selected), the object that contains the attribute value is displayed.
Note: Use caution when setting both Full Text and User Group Permissions on the Elasticsearch Configuration to avoid unexpected search results.
For example, the attribute 'Country' data specification is set for Full Text and its visibility is limited to the 'Sales' user group via the User Group Permissions column.
Two users perform the same search with the following results:
- Joe, who is not a member of the 'Sales' user group, accesses a product with the 'Country' attribute (column) displayed; however, because the attribute is visible only to the 'Sales' user group, the value for 'Country' is listed as empty.
- Sam, who is a member of the 'Sales' user group, accesses the same product with the 'Country' attribute (column) displayed and the 'Country' value is shown.
Additionally, if the 'Country' data specification is also set as a Default Facet, the selections in the User Group Permissions column determine which Search Screen users view that default facet. Continuing with the example above:
- Joe, who is not a member of the 'Sales' user group, does not have access to the default facet.
- Sam, who is a member of the 'Sales' user group, does have access to the default facet.
This example shows that restricting access to data via user group permissions does not restrict the results of a search, but instead limits the visibility of the data specification in the result set.
For details on full-text searches, refer to the Creating and Maintaining an Elasticsearch Configuration topic and the Search Screen Search Bar topic.
- The faceted Search Screen uses the STEP User Privileges to filter out node data displayed on the Search Screen, while the User Group Permissions setting on the configuration impacts visibility of individual data specifications. Consider a data specification with Full Text selected and no entries for the User Group Permissions column. The Search Screen results will include objects that satisfy the full-text search and that are allowed by the privilege rules.
For example, the 'Outerwear' user group is privileged to view the primary product hierarchy 'Jackets' node but is not privileged to view the 'Swimwear' node. The 'Brand' attribute is valid for both the 'Jackets' node and the 'Swimwear' node. The value 'HiriKahaki' exists for both 'Jackets' and 'Swimwear' products.
Two users perform the same search for 'HiriKahaki' with the following results:
- Bob, who is a member of only the 'Outerwear' user group, accesses only products in the Jackets node.
- Tom, who is privileged to view both the 'Jackets' and the 'Swimwear' hierarchies, accesses products from both the Jackets node and the Swimwear node.
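The two Considerations examples above (Joe/Sam and Bob/Tom) can be reproduced with a small model, added here for illustration; it is not STEP or Elasticsearch code. The class and function names, the product names, and the 'Country' values are constructed, and node privileges are simplified to a set of viewable hierarchy nodes. `risky_specs` lists the combination the caution note warns about: Full Text together with User Group Permissions.

```python
# Toy model of the behaviour described on this page (constructed, not vendor code).
from dataclasses import dataclass, field

@dataclass
class DataSpec:
    attribute: str
    full_text: bool = False
    default_facet: bool = False
    groups: set = field(default_factory=set)  # User Group Permissions; empty = all users

    def visible_to(self, user_groups):
        return not self.groups or bool(self.groups & user_groups)

@dataclass
class Product:
    name: str
    node: str      # product hierarchy node
    values: dict   # attribute name -> value

def search(term, products, specs, user_groups, viewable_nodes):
    """Return (product name, displayed values) rows for a full-text search."""
    rows = []
    for p in products:
        if p.node not in viewable_nodes:  # STEP privileges filter out node data
            continue
        # Matching ignores User Group Permissions: every Full Text spec is searched.
        hit = any(s.full_text and term.lower() in str(p.values.get(s.attribute, "")).lower()
                  for s in specs)
        if not hit:
            continue
        # Display step: values of specs the user's groups may not see are blanked.
        shown = {s.attribute: p.values.get(s.attribute, "") if s.visible_to(user_groups) else ""
                 for s in specs}
        rows.append((p.name, shown))
    return rows

def facets(specs, user_groups):
    """Default facets offered to a user with the given groups."""
    return [s.attribute for s in specs if s.default_facet and s.visible_to(user_groups)]

def risky_specs(specs):
    """Specs whose restricted values stay searchable (Full Text + group permissions)."""
    return [s.attribute for s in specs if s.full_text and s.groups]

# Constructed sample data mirroring the page's two examples.
SPECS = [DataSpec("Country", full_text=True, default_facet=True, groups={"Sales"}),
         DataSpec("Brand", full_text=True)]
PRODUCTS = [Product("Parka", "Jackets", {"Country": "Denmark", "Brand": "HiriKahaki"}),
            Product("Trunks", "Swimwear", {"Country": "Spain", "Brand": "HiriKahaki"})]
```

Running `risky_specs` over an inventory of the active configuration's data specifications gives a review list of attributes whose values can match a search for users who cannot see them.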