Document level security issue with elastic and shield 2.3.2

security

(Stefan Rinderle) #1

Hello everybody,

I'm not getting document level security to work. It does not seem to have any effect. My config in roles.yml:

user:
indices:
'lmsapp-*':
privileges: read
query: '{"match":{"_type":"lmsappPerfLog"}}'

curl -GET -u monitoring:monitoring 'https://localhost:9210/lmsapp-2016.06.07/lmsappLoginLog/AVUp7fQjrLqamWsblN-y?pretty'
and
curl -GET -u monitoring:monitoring 'https://localhost:9210/lmsapp-2016.06.07/lmsappLoginLog/AVUp7fQjrLqamWsblN-y?pretty'

both return results. According to Problem with document level security i also enabled shield.dls_fls.enabled: true

The user monitoring is in the according group "user".

Any ideas? Thanks.


(Jay Modi) #2

What type of license do you have? You can check by executing a GET /_license request


(system) #3