Elastic Rbac And Rag Best Friends

Rbac And Rag Best Friends

openai-chatgptlangchain-pythonchatgptgenaielasticsearchelasticopenaiAIrbac-and-rag-best-friendschatlogvectordatabasePythonsearchgenaistacksupporting-blog-contentvectorelasticsearch-labslangchainapplications

alph-notebooks/elasticsearch-labs / rbac-and-rag-best-friends.ipynb

Export

Run Notebooks

Contents

No cells yet

Add cells to see them here

RBAC with RAG

This code accompanies the blog RBAC with RAG - Best of Friends

It is a simple demonstration of how users assigned to different groups are able to query the same index pattern, but only retrieve documents they should have access to.

Indices:

rbac_rag_demo-data_public contains data that is not restricted
rbac_rag_demo-data_senstive contains data is is restricted to only managers

Users:

engineer_role will have access to the rbac_rag_demo-data_public index

Add blockquote

manager_role will have access to both rbac_rag_demo-data_public and rbac_rag_demo-data_sensitive indices

Environment setup

Install and import required python libraries

[1]

Requirement already satisfied: elasticsearch in /usr/local/lib/python3.10/dist-packages (8.13.1)
Requirement already satisfied: elastic-transport<9,>=8.13 in /usr/local/lib/python3.10/dist-packages (from elasticsearch) (8.13.0)
Requirement already satisfied: urllib3<3,>=1.26.2 in /usr/local/lib/python3.10/dist-packages (from elastic-transport<9,>=8.13->elasticsearch) (2.0.7)
Requirement already satisfied: certifi in /usr/local/lib/python3.10/dist-packages (from elastic-transport<9,>=8.13->elasticsearch) (2024.2.2)

[2]

Cloud ID and API Key

Run the cell below and input your ESS cloud_id and elasticsearch api key

This is an existing API key that has access to create, delete, and query indices

[3]

Enter your Elastic Cloud ID: ··········
Enter your API key (with access to create, delete, and query indices): ··········

Elasticsearch Setup

Create elasticsearch connection for index and user setup

[4]

Delete demo indices if they previously existed

[5]

Deleted index: rbac_rag_demo-data_public
Deleted index: rbac_rag_demo-data_sensitive

Create and load data into indices

[6]

<ipython-input-6-126412fda511>:4: DeprecationWarning: Passing transport options in the API method is deprecated. Use 'Elasticsearch.options()' instead.
  es.indices.create(index="rbac_rag_demo-data_public", ignore=400, body={
<ipython-input-6-126412fda511>:16: DeprecationWarning: Passing transport options in the API method is deprecated. Use 'Elasticsearch.options()' instead.
  es.indices.create(index="rbac_rag_demo-data_sensitive", ignore=400, body={

Create two users with different access levels

[7]

Test how security roles affect ability to query data

Create helper functions

Helper functions to query for each user

and some output formatting

[14]

Siumlate querying as an "engineer"

[15]

Each user will log in with their credentials and query the same index pattern: rbac_rag_demo-data*


Logged in as engineer:




Logged in as manager: