Document Level Security Statement

Hi

I need help getting a valid document level security statement to restrict users' access to certain information within an index. I created a role with DLS to restrict access to certain documents within the index, but a user on that role is seeing everything in the index.

I have 100 servers. I need to create a DLS statement to restrict access to some data on a particular set of servers (hence the use of a wildcard on host names).

The query “host dept1server* and text1 or text2 or text3” works from curl XGET, however the corresponding DLS statement doesn’t apply to users on that role.

Any help to get a working statement is appreciated.

Thanks

Queries tested:

**This query works from curl XGET**

GET _search
{
  "query": {
    "query_string": {
      "query": "dept1host* AND text1",
      "fields": ["host", "message"]
    }
  },
  "_source": ["host", "message"]
}

The following DLS rules pass validation, but a user assigned this role sees the whole index.

Rule 1

{
  "bool": {
    "must": {
      "match": {
        "host": "dept1host05"
      }
    }
  }
}

Rule 2

{
  "bool": {
    "must": {
      "multi_match": {
        "query":
        "query_string": {
          "query": "dept1server1* AND text1",
          "fields": ["host", "message"]
        }
      }
    }
  }
}

Are you using ODFE or Search Guard? Seems you posted a similar question already here: Configure document level security - Security - OpenSearch

I am testing ODFE now but was hoping to get help with forming a proper DLS query.

Sorry but we do not support ODFE in this forum. You may want to have a look in the Search Guard Docs (Security for Elasticsearch | Search Guard Documentation) but things might be different in ODFE.
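
An added example, not part of the thread and not code from ODFE or Search Guard: one way to write the requirement from the first post (hosts matching a prefix, plus any of several message terms) as a DLS query with explicit AND/OR grouping, and to check that a DLS string parses as a single query clause before it is stored in a role. It assumes the ODFE role layout (`index_permissions` with a string-valued `dls`), the `host` and `message` fields from the post, and a hypothetical index pattern `logs-*`; the function names are illustrative.

```python
import json
import re

SAFE = re.compile(r"[A-Za-z0-9_]+")  # no query_string operators or whitespace

def build_dls_query(host_prefix, terms):
    """DLS query: host starts with host_prefix AND message has any term."""
    for value in [host_prefix, *terms]:
        if not SAFE.fullmatch(value):
            raise ValueError(f"unsafe value for query_string: {value!r}")
    # Field-qualified and parenthesized so AND/OR precedence is explicit.
    expr = f"host:{host_prefix}* AND message:({' OR '.join(terms)})"
    return {"query_string": {"query": expr}}

def check_dls(dls_text):
    """Return (ok, detail) for a DLS string before it goes into a role."""
    try:
        parsed = json.loads(dls_text)
    except json.JSONDecodeError as exc:
        return False, f"not valid JSON: {exc.msg}"
    if not isinstance(parsed, dict) or len(parsed) != 1:
        return False, "expected one top-level query clause"
    return True, next(iter(parsed))

def role_body(index_pattern, dls_query):
    """Role definition (assumed ODFE layout) with the DLS query as a string."""
    dls_text = json.dumps(dls_query)
    ok, detail = check_dls(dls_text)
    if not ok:
        raise ValueError(detail)
    return {"index_permissions": [{
        "index_patterns": [index_pattern],
        "dls": dls_text,
        "allowed_actions": ["read"],
    }]}

# Rule 2 from the post, re-typed with straight quotes (constructed input).
RULE_2 = ('{"bool": {"must": {"multi_match": {"query": "query_string": '
          '{"query": "dept1server1* AND text1", "fields": ["host", "message"]}}}}}')

if __name__ == "__main__":
    print(check_dls(RULE_2))
    query = build_dls_query("dept1server", ["text1", "text2", "text3"])
    print(json.dumps(role_body("logs-*", query), indent=2))
```

A DLS filter only restricts what its own role grants; when testing, confirm which roles the test user is actually mapped to.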
