Document level Privileges Not Working

Hi All,

I am using ELK version 8.6.2 and need to implement user security in APM agents.
I want only a privileged user to view or edit data for the APM Agent.
Example: if there are 2 users using 2 different APM Agents on the same ELK and apm-server, then their data should be restricted to user level and they should not view or edit other users' data.

For the same, I tried implementing document level security. Below is the query used:

POST /_security/role/read-role
{
  "indices" : [
    {
      "names" : [ "*" ],
      "privileges" : [ "read" ],
      "query" : {
        "term" : { "service.name": "my_agent" }
      }
    }
  ]
}

Response of above query:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "current license is non-compliant for [field and document level security]",
        "license.expired.feature": "field and document level security"
      }
    ],
    "type": "security_exception",
    "reason": "current license is non-compliant for [field and document level security]",
    "license.expired.feature": "field and document level security"
  },
  "status": 403
}

I have my xpack security enabled in elasticsearch. Below are my properties w.r.t xpack:-

xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
cluster.initial_master_nodes: ["Hostname"]
http.host: 0.0.0.0
xpack.security.http.ssl.certificate_authorities: certs/example.com-ca.pem
xpack.security.http.ssl.certificate: certs/example.com.pem
xpack.security.http.ssl.key: certs/example.com.key
xpack.security.http.ssl.client_authentication: optional
xpack.security.authc.realms.pki.pki1.order: 0
xpack.security.authc.realms.pki.pki1.certificate_authorities: ["/home/pathTo/ELK/elasticsearch-8.6.2/config/certs/example.com-ca.pem"]
xpack.security.transport.ssl.certificate_authorities: certs/example.com-ca.pem
xpack.security.transport.ssl.certificate: certs/example.com.pem
xpack.security.transport.ssl.key: certs/example.com.key

Please advise/suggest what is missing from the configuration side to enable document level security.

Best Regards,
Namita Jaokar

What license do you have? Field and Document level is a paid feature, you need at least a Platinum license.

Hi @leandrojmp ,

Thank you for the quick response. :slight_smile:

Currently I am using the basic version of ELK. For the platinum version, is there any trial available, or do I need to first upgrade to the platinum version to implement this feature?

I am asking because currently I am doing R&D of the requirement in my application and subscription would be based on the results. Hence, wanted to confirm on trial version available for it.

Thanks & Regards,
Namita Jaokar

Yes, there is a 30-day trial if you didn't enable it before.

You can enable it in Kibana, going to Stack Management > Stack > License Management.

Or using the _license API in Elasticsearch as explained in the documentation.
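The license check discussed above, as an added example that is not part of the original thread: it reads the body of `GET /_license`, recognises the 403 license error shown in the question, and decides whether to create the role, start the trial, or upgrade. Function names and sample responses are constructed for illustration; `GET /_license/trial_status` and `POST /_license/start_trial?acknowledge=true` are Elasticsearch license API endpoints not quoted in the thread.

```python
# License types that include field and document level security.
# "platinum" comes from the thread; "enterprise" and "trial" are added here.
DLS_LICENSE_TYPES = {"platinum", "enterprise", "trial"}

def dls_licensed(license_response):
    """Interpret the JSON body of GET /_license."""
    lic = license_response.get("license", {})
    return lic.get("status") == "active" and lic.get("type") in DLS_LICENSE_TYPES

def blocked_feature(error_response):
    """Return the feature named in a 403 license security_exception, else None."""
    err = error_response.get("error", {})
    if error_response.get("status") != 403 or err.get("type") != "security_exception":
        return None
    return err.get("license.expired.feature")

def next_step(license_response, trial_status_response):
    """Decide what to do before sending a role that contains a DLS query."""
    if dls_licensed(license_response):
        return "create-role"
    # Body of GET /_license/trial_status; a trial can only be started once.
    if trial_status_response.get("eligible_to_start_trial"):
        return "POST /_license/start_trial?acknowledge=true"
    return "upgrade-license"

def dls_role_body(service_name, index_patterns):
    """Role body restricting reads to documents of one APM service."""
    return {"indices": [{
        "names": list(index_patterns),
        "privileges": ["read"],
        "query": {"term": {"service.name": service_name}},
    }]}

# Constructed sample responses (trimmed to the fields the checks use).
BASIC = {"license": {"status": "active", "type": "basic"}}
TRIAL = {"license": {"status": "active", "type": "trial"}}
ERROR_403 = {"status": 403, "error": {
    "type": "security_exception",
    "reason": "current license is non-compliant for [field and document level security]",
    "license.expired.feature": "field and document level security"}}

if __name__ == "__main__":
    print(blocked_feature(ERROR_403))
    print(next_step(BASIC, {"eligible_to_start_trial": True}))
    print(next_step(TRIAL, {"eligible_to_start_trial": False}))
    print(dls_role_body("my_agent", ["*"]))
```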

Thanks for the reference Documentation.
Will go through it and try implementing the same.

Thanks & Regards,
Namita Jaokar
