Issue with document-level security expression and date range

Elastic Stack Elasticsearch
1

I am having the same issue as https://discuss.elastic.co/t/granted-documents-query-with-filter-by-timestamp/201834 and https://discuss.elastic.co/t/document-level-security-combining-queries-together/136143

{
      "bool": {
        "must": [
          {
            "terms": {
              "name": [
                "John"
              ]
            }
          },
          {
            "range": {
              "birthdate": {
                "gte": "now-30y"
              }
            }
          }
        ]
      }
    }

I am getting the following error message when I try to search the index with a user linked to the Role:

 Request failed to execute. Call: Status code 400 from: POST /users/_search?typed_keys=true. ServerError: Type: search_phase_execution_exception Reason: "all shards failed" CausedBy: "Type: parse_exception Reason: "could not read the current timestamp" CausedBy: "Type: illegal_argument_exception Reason: "'now' is not allowed in DLS queries"""

I am not sure why because now is perfectly parsed in DSL queries in Kibana Discovery for example. Do you have any idea on how to create a document-level security role with a relative date to now?

Thanks.

2

There are some limitation, check this link :slight_smile:

3

Thank you @ylasri for pointing me to that page. Somehow I had overlooked it and couldn't get to it while searching for the error I was getting.
Do you think there may be an alternate way of applying that document-level security expression?

I'm trying to use these role-based expressions to limit the data that different applications/users can see from the elasticsearch instance. That way, I won't have to "manually" apply them in every application that gets data from elasticsearch.

One of the business rules has a relative-to-now date range (e.g. some users cannot see documents older than 10 months), it would be a pity not being able to use this awesome security features only for that.

Thanks.

4
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.