We have implemented field level security to hide a sensitive field from a subset of users and this works as desired in discover etc.
We had expected if a restricted user accesses a dashboard containing the field, the field value would not be visible - but this is not the case. The user can see the field and furthermore can even create a visualisation and include the hidden field in it!
Is there a way to completely hide a field from users that also includes visualisations?
Any help appreciated.
Hey @mwitsas. Thanx for reaching us. We can't replicate it. Can you give us more information?
What kind of visualization are you trying to create? Also in which kibana version are you?
Thanks for the reply
Kibana 7.10.2 (sorry I know this is old).
Data table visualisation allows a user to create a visualisation based on a field that's hidden from them otherwise. If they view a dashboard which includes a field that is otherwise hidden, the user can see values. The field can't be seen in discover etc.
Hope this helps -
I found this article - does this make sense to you?
Yes this is definitely an old version. Are you referring to the Lens datatable, the TSVB datatable or the aggbased datatable? We did some tests with Lens on the latest kibana and we can't replicate it so it is either a bug fixed in a more recent version or it is a bug present in the legacy vis editors
Would be really useful to know this is not expected when we upgrade to v8
Thanks again for your help with this - much appreciated
So it is a legacy table, I can test and let you know but most possibly I will reply tomorrow
@mwitsas I tested this in 7.17 (the version from 7 major that we support) and the latest 8.13 and works as expected in both versions. So my guess is that this was a bug on your version so upgrading in the latest 7.17 minor will solve the problem.
Thanks very much for doing this - that's good to know it's not expected behaviour (I couldn't believe it would be) but that was alluded to in the other post I linked to. We will be upgrading asap by the way! 
Amazing!! Let me know if everything works as expected after your upgrade!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
