Apply filter from the _user variable

Felix_Valembois · June 9, 2020, 2:08pm

Hello,

My problem is this : I want to filter the data in kibana in function of the name of the user connected (and other restriction that goes with the user.)

So far, I applied a restriction on document with a query thanks to the document level security (x-pack with platinium version)

And i would like to add in my query a condition due to the user name. With this following documentation :
https://www.elastic.co/guide/en/elasticsearch/reference/7.x/field-and-document-access-control.html#templating-role-query
I suppose it is workable, but i can't figure out a way to merge my query with the user restriction.

my current query :

{
   "bool":{
      "must":[
         {
            "bool":{
               "should":[
                  {
                     "match":{
                        "TypeEve":"FAC"
                     }
                  },
                  {
                     "match":{
                        "Coloris":"BLEU  "
                     }
                  },
                  {
                     "match":{
                        "Coloris":"VERT  "
                     }
                  }
               ],
               "minimum_should_match":2
            }
         }
      ]
   }
}

I would like to add :

 "match":{
                        "Name":"{{_user.username}}"
}

but it seems to work in a different way

I hope my problem is clear enough, can someone help me please ?

mikecote · June 10, 2020, 6:24pm

Hi @Felix_Valembois,

The _user variable is specific to document level security and not accessible elsewhere. To get this working, you will need to make sure the user and the restriction belong to the same role and the filtering should then be done automatically by Elasticsearch.

system · July 8, 2020, 6:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.