Allow user only certain documents from certain indices

sancroth · December 12, 2017, 4:13pm

I'd like some help with this scenario.

I want to allow User A to have access to Indices i1 and i2.

To achieve this i used the Management GUI, created a new role that has read writes to the 2 indices.
Then assigned user A to the new custom role plus kibana_user role.
If i leave kibana_user out i get a breaking error so i just went with it for now.

Now i want this User to only see SOME documents in there based on a certain field value,
e.g only documents with program:kibana as field:value.

How could i achieve this? I read a bit about x-pack field level security but i aint sure about where to add these queries. I expected that i should add this to the "Granted documents query| optional " but i either do something wrong or it is not used that way.

And since i mentioned the "Granted document query", is there any documentation i missed regarding this option(?)?

Thanks in advance

sancroth · December 13, 2017, 1:00pm

I found it myself, i just didn't realise that i could POST to xpack and also had a typo on the "Granted document query".

Solution with POST(either curl or kibana dev tool) :

POST /_xpack/security/role/role_to_change
{
  "indices": [
    {
      "names": [ "name-*" ],
      "privileges": ["read"],
      "query":  "{\"match\": {\"FIELD\": \"VALUE\"}}"
    }
  ]
}

Solution with "Granted document query" on "role" settings:
on the textbox add your query like this:

{"match": {"FIELD": "VALUE"}}

do not try "query":... this is why i failed it before aswell as messing up with quotes out of frustration.

The above allows your defined roles to access documents that only MATCH the query given.
If you want the deny access to those that match then check :
https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html

if i understand correct you would need to add:
(Granted document query usage)

"term" : { "FIELD" : "VALUE" }

and this would deny access to all documents matching this value for this role.

system · January 10, 2018, 1:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Role Granted Documents Query example Kibana elastic-stack-security	3	3341	February 8, 2021
Document level security in Kibana with X Pack Kibana	7	1372	July 7, 2017
Index privileges Elasticsearch elastic-stack-security	5	4838	March 9, 2017
X-pack document level filtering not operating as expected Elasticsearch	16	643	July 25, 2018
How to give access to few documents in a field on a role? Kibana elastic-stack-security	5	315	May 9, 2023

Allow user only certain documents from certain indices

Related Topics