Can I use ES roles with security disabled?

I'm trying to use field-level security with ES. I have successfully created an index and populated it with some data. I have also defined a roles.yml file:

regular:
  cluster: all
  indices:
    - names: ['log-index']
      privileges: ['read']
      field_security:
        grant: ['redacted_log']      

and a role-mapping.yml file:

regular:
  - "cn=john"

In the Dockerfile, I've added RUN elasticsearch-users useradd john -p 123456 -r regular in order to create the user john when the container starts.
What I would like to achieve is that the user john can only access the redacted_log field, since that user has a regular role.

Because of this issue, I have security disabled in the elasticsearch.yml file. Can I even use roles when security is disabled?

If yes, how can I test that john only has access to the redacted_log field in documents that are present in log_index?

No, you need to enable security and use a suitable license to get access to field level security.

1 Like

Thanks for letting me know. I would appreciate it if you could have a look at the issue I linked.

That is not my area so I will not be able to help with that.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.