How to implement Field level Security with X-Pack?

vikas_gopal · September 1, 2017, 1:52pm

Hi Experts,

I was checking the docs and it says I can restrict user to a certain fields as well with X-Pack. So this is what I am doing .

POST /_xpack/security/role/testing
{
    "indices" : [
        {
            "names":[".kibana","abc"],
            "privileges": ["read"],
            "field_security": {
               "grant": ["src"]
            }
            
        }
        ]
}

Now assigning this role to a user

POST /_xpack/security/user/test
{
"password" : "abc123",
"roles" : ["kibana_user", "testing"],
"full_name" : "test user",
"email" : "test@test.com"

}

After above I can see the role and user been created in Kibana management page . But when I login into kibana with this user I cannot see any record in the Discover page . But if I change the

"grant" : ["src"] to "grant" : ["*"]

, things are working fine . Can some one make me understand what is the use of Grant field option in Kibana or how to restrict user to a certain field ?

Regards
Vikas

colby · September 1, 2017, 6:28pm

Vikas, are you working with sensitive data? Like healthcare data?

vikas_gopal · September 4, 2017, 7:07am

Hi Colby,

NO!!, I am working on security data .

Regards
VG

vikas_gopal · September 4, 2017, 11:17am

Any input from anyone please ?

system · October 2, 2017, 11:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.