Class EsqlResolveDatasetAction


Read-authorization gate for FROM <dataset>: narrows the dataset names a query would read to the subset the caller may read. Mirrors EsqlResolveViewAction — the EsqlResolveDatasetAction.Request is an IndicesRequest.Replaceable with resolveDatasets(true), so the security filter drops unauthorized names (hiding their existence) and the DLS/FLS interceptor rejects restricted datasets. Read access is governed by the index read privilege on the dataset name, exactly as for indices and views; the parent datasource's credentials are an admin concern settled when the dataset is created (PUT), not re-checked per query.

The request carries one relation's raw FROM patterns (split on comma, not pre-expanded). Wildcard expansion against the authorized abstractions happens in the authorization engine (the security filter replaces EsqlResolveDatasetAction.Request.indices() in flight with the authorized concrete names) rather than client-side. The original raw patterns are preserved separately (EsqlResolveDatasetAction.Request.rawPatterns()) so the action body can still classify whether the relation also targets non-dataset abstractions — see localClusterStateOperation(org.elasticsearch.tasks.Task, org.elasticsearch.xpack.esql.action.EsqlResolveDatasetAction.Request, org.elasticsearch.cluster.ProjectState, org.elasticsearch.action.ActionListener<org.elasticsearch.xpack.esql.action.EsqlResolveDatasetAction.Response>).