	US 11,989,314 B2
	Document-level attribute-based access control
Adrien Grand, Maisoncelles-Pelvey (FR)
Assigned to Elasticsearch B.V., Amsterdam (NL)
Filed by Elasticsearch B.V., Mountain View, CA (US)
Filed on Apr. 29, 2021, as Appl. No. 17/244,426.
Application 17/244,426 is a continuation of application No. 16/212,475, filed on Dec. 6, 2018, granted, now 11,023,598.
Prior Publication US 2021/0248250 A1, Aug. 12, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/33 (2019.01); G06F 16/35 (2019.01); G06F 21/62 (2013.01)

CPC G06F 21/62 (2013.01) [G06F 16/33 (2019.01); G06F 16/35 (2019.01); H04L 63/20 (2013.01)]

20 Claims

1. A method comprising:

determining metadata of a user received from a service, the metadata providing dynamic input and being indicative of permissions granted to the user within the service as well as information that is indicative of the user within the service;

mapping security attributes to the user, the mapping of the security attributes being defined by a domain-specific language that matches with one or more of the security attributes assigned to the user from the service; and

applying the mapping to a query and a role of a user, such that access is restricted to a document based on combinations of security attributes.