Document Level Security Statement

Hi

I need help getting valid document level security statement to restrict users access to certain information withing an index . I created role with DLS to restrict access to certain documents within index but user on that role seeing everything on index .

I have 100 servers , I need to create DLS statement to restrict access to some data on particular set of severs (hence use of wildcard on host names)

The query “host dept1server* and text1 or text2 or text3” works from curl XGET , however corresponding DLS statement doesn’t apply to users on that role.

Any help to get working statement is appreciated .

Thanks

Queries tested :

**This query works from curl XGET *

GET _search
{
“query”: {
“query_string”: {
“query”: “dept1host* AND text1”,
“fields”: [“host”, “message”]
}
},
“_source”: [“host”,“message”]
}

The following DLS rules passes validation but user assigned this role sees the whole index

Rule 1

{
“bool”: {
“must”: {
“match”: {
“host”: “dept1host05”
}
}
}
}

Rule 2

{
“bool”: {
“must”: {
“multi_match”: {
“query”:
“query_string”: {
“query”: “dept1server1* AND text1”,
“fields”: [“host”, “message”]
}
}
}
}
}

Are you using ODFE or Search Guard? Seems you posted a similar question already here: https://discuss.opendistrocommunity.dev/t/configure-document-level-security/1293

I am testing ODFE now but was hoping to get help with forming proper DLS query .

Sorry but we do not support ODFE in this forum. You may want to have a look in the Search Guard Docs (https://docs.search-guard.com/latest/) but things might be different in ODFE.