Now that we know how to create a new user, create a new role, and assign roles to a user, let's explore how security can be imposed on documents and fields for a given index/document.
The sample data that we imported before, at the beginning of this chapter, contained two indexes: employee and department.
Use Case 1: When a user searches for employee details, the user should not be able to find the salary/address details contained in the documents belonging to the employee index.
This is where field-level security helps. Let's create a new role (employee_read) with read index privileges on the employee index. To restrict the fields, choose the fields that are allowed to be accessed by the user ...