viku (Victor) | February 12, 2020, 4:06pm | #1
Hi,
I'm trying to set up field-level security, but it doesn't seem to work.
I'm using the Elastic cloud trial (Deployment version v7.6.0) and the Flights dataset that comes as a demo.
I've created a role (flight_data) with read privileges, and a user (flight-user) with that role.
Then, I went to the Dev Tools and tried the following configuration, following the documentation (https://www.elastic.co/guide/en/elasticsearch/reference/current/field-level-security.html).
The idea is to create a role that can only see the data when the OriginCityName of the flights is "London".
POST /_security/role/flight-data
{
  "run_as": [ "flight-user" ],
  "cluster": [ "monitor" ],
  "indices": [
    {
      "names": [ "kibana_sample_data_flights" ],
      "privileges": [ "read" ],
      "field_security" : {
        "grant" : [ "*" ]
      },
      "query": "{\"match\": {\"OriginCityName\": \"London\"}}"
    }
  ]
}
However, that user can see all the data. So, what am I missing?
Thanks
jsanz (Jorge Sanz) | February 12, 2020, 6:00pm | #2
What you want is document level security. To do that you need to create a new role like the one below that restricts read only to documents from the EZE airport. Then you can assign that role to a new user.
POST /_security/role/eze-read
{
  "indices": [
    {
      "names": [
        "kibana_sample_data_flights"
      ],
      "privileges": [
        "read"
      ],
      "query": {
        "template": {
          "source": {
            "term": {
              "OriginAirportID": "EZE"
            }
          }
        }
      }
    }
  ]
}
If the user is called eze you can run this and see how the count is just 258:
$ curl -u "eze:changeme" "localhost:9200/kibana_sample*/_count"
{"count":258,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0}}
While if you do the same using the super user you get all the docs, 13059:
$ curl -u "elastic:changeme" "localhost:9200/kibana_sample*/_count"
{"count":13059,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0}}
Let us know if this is what you need. Best.
1 Like
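An added example, not from the thread: in Python it builds a read role body of the same shape as the eze-read role above (field and value as parameters) and audits a constructed dump in the shape of GET /_security/role output, separating roles that only set field_security (columns) from roles whose query actually restricts documents (rows), and catching a query string that is not valid JSON. The names dls_role, parse_query, audit_roles and the sample roles are assumptions of this example.

```python
import json

def dls_role(index, field, value):
    """Read-only role with a DLS query: holder sees only docs where field == value."""
    return {"indices": [{
        "names": [index],
        "privileges": ["read"],
        "query": {"template": {"source": {"term": {field: value}}}},
    }]}

def parse_query(query):
    """DLS query may be a JSON object or a JSON string; returns (parsed, error)."""
    if query is None:
        return None, None
    if isinstance(query, str):
        try:
            return json.loads(query), None
        except json.JSONDecodeError as exc:
            return None, "query string is not valid JSON: " + exc.msg
    return query, None

def audit_roles(roles):
    """Per (role, index names): does the privilege restrict documents (DLS),
    and is field_security a no-op (grant '*' with no except)? `roles` has the
    shape returned by GET /_security/role."""
    report = {}
    for name, role in roles.items():
        for priv in role.get("indices", []):
            query, err = parse_query(priv.get("query"))
            fls = priv.get("field_security") or {}
            grant = fls.get("grant", ["*"])
            report[(name, ",".join(priv["names"]))] = {
                "dls": query is not None,
                "fls_noop": grant == ["*"] and not fls.get("except"),
                "error": err,
            }
    return report

# Constructed sample in the shape of GET /_security/role output: a
# field-security-only role like the question's, a DLS role like the reply's,
# and a role whose string query is malformed (value not quoted).
SAMPLE_ROLES = {
    "flight-data": {"indices": [{
        "names": ["kibana_sample_data_flights"], "privileges": ["read"],
        "field_security": {"grant": ["*"]}}]},
    "eze-read": dls_role("kibana_sample_data_flights", "OriginAirportID", "EZE"),
    "broken": {"indices": [{"names": ["kibana_sample_data_flights"],
        "privileges": ["read"], "query": '{"match": {"OriginCityName": London}}'}]},
}
```

Run audit_roles(SAMPLE_ROLES) to see which privileges restrict rows; a grant of "*" with no except leaves every field visible, which is why field_security alone never hides documents.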
viku (Victor) | February 13, 2020, 7:47am | #3
Hi @jsanz
YES!! That was what I wanted to do. You nailed it.
Thank you very much
system (system) | Closed | March 12, 2020, 7:47am | #4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.