Hi
I need help getting a valid document-level security statement to restrict users' access to certain information within an index. I created a role with DLS to restrict access to certain documents within the index, but a user on that role is seeing everything in the index.
I have 100 servers. I need to create a DLS statement to restrict access to some data on a particular set of servers (hence the use of a wildcard on host names).
The query “host dept1server* and text1 or text2 or text3” works from curl XGET; however, the corresponding DLS statement doesn’t apply to users on that role.
Any help getting a working statement is appreciated.
Thanks
Queries tested:
**This query works from curl XGET**
```
GET _search
{
  "query": {
    "query_string": {
      "query": "dept1host* AND text1",
      "fields": ["host", "message"]
    }
  },
  "_source": ["host", "message"]
}
```
The following DLS rules pass validation, but a user assigned this role sees the whole index.
Rule 1
```
{
  "bool": {
    "must": {
      "match": {
        "host": "dept1host05"
      }
    }
  }
}
```
Rule 2
```
{
  "bool": {
    "must": {
      "multi_match": {
        "query":
        "query_string": {
          "query": "dept1server1* AND text1",
          "fields": ["host", "message"]
        }
      }
    }
  }
}
```