My bubble app user data is expose through external source elastic search,even i put privacy rules on each data type ,how i control this or stop the external elastic search ?
How do you mean? Can you share screenshots?
Privacy rules will always restrict user data based on their permissions, and are the only way to protect data.
The results of searches are visible in the network tab, but you’ll only ever see something the user’s privacy rules allow them to access.
there is a script of elastic search (curl form) , when it runs in postman or in command line user interface , my user data shown to these interfaces ,it should not be , i applied privacy rules to each data type such that no one can access them other than app user roles, despite these my user app data exposed
Share screenshots of your privacy rules, and your search constraints.
Actually i have four roles in my app and role wise privacy applied ,only data shown to these users.
Your privacy rules are all redundant and you should only need ‘This User is Current User’ to allow a user to view their own data.
For your admin, you’ll want ‘Current User’s Role is Admin’
For your Company, you’ll want This User’s Company is Current User’s Company and Current User’s Company is not empty.
Same format for Employee / Sub company
But this is for inside the bubble.io , but i want that my data should not expose to any external api search that call from outside the bubble like from postman , CLI.
That’s not possible.