How to give more than one condition based to user for the specifc role

security

(balaji) #1

Hi everyone,

Iam using kibana4.5.4,elasticsearch2.3.3,shield2.3.3

Iam trying document i.e query level acces for different values according to the users
*in our data we have
"designation":"developer"
"designation":"tester"

So we need acces for "developerUSER" username when "designation":"developer" with rolename"A"
similarly we need acces for "TesterUSER" username when "designation":"Tester" with rolename"A"

###To obtain the above we did
*I created custom role "kibana"
POST /_shield/role/kibana
{
"cluster": ["all"],
"indices": [
{
"names": [ ".kibana" ],
"privileges": ["all"]
}
]
}

*create a custom role for developer
POST /_shield/role/A
{
"cluster": ["all"],
"indices": [
{
"names": [ "myindex" ],
"privileges": ["all"],
"query": "{"match": {"designation": "/developer"}}"
}
]
}

*create a user for developer

POST /_shield/user/developerUSER
{
"password" : "test123",
"roles" : [ "A","kibana"],
"full_name" : "query reader",
"email" : "balu@ktree.com",
"metadata" : {

"intelligence" : 7

}
}

Now when i login into the Kibana with the user "developerUSER" i can get the access for the docs where "designation":"developer"

Now how i need to add the another condion("designation":"Tester") to the same role(A) for other specific user(testerUSER)

Please anone help me out


(Jay Modi) #2

Now how i need to add the another condion("designation":"Tester") to the same role(A) for other specific user(testerUSER)

Roles cannot currently be conditional per user; so I think you should just create a different role for the testeruser.


(balaji) #3

Hi jayamode,

Thanx for Your quick response

Ya i too thought the same to add the another role.......but we have multiples designations so thinking for the alternative...........As of now i will do this ,Thank You


(system) #4