Document type level access control doesn't work

Search Guard (community edition): 5.6.4

Elasticsearch: 5.6.4-18

JVM: 1.8

Hello,

I recently installed Search Guard 5.6.4-18 and it was working like a charm until I tried to use the “Document type level access” feature included in the community edition.

This is my document structure:

{
  "_index": "capi-brands-qa-storea-2018.01.23",
  "_type": "storea",
  "_id": "AWEiqcOy4e7FM_idy1c2",
  "_version": 1,
  "_score": null,
  "_source": {
    "host": "173.126.9.111",
    "logger_name": "com.service.HYLService",
    "brandName": "storea",
    "level": "INFO",
    "tags": [
      "_grokparsefailure"
    ],
    "apiError": false,
    "port": 52250,
    "thread_name": "api-Executor-1",
    "level_value": 20000,
    "success": true,
    "app_port": "8080",
    "@version": 1,
    "actionDate": 1516705003888,
    "errorMessage": "",
    "app_name": "api",
    "@timestamp": "2018-01-23T10:56:46.475Z",
    "inputDelay": 132,
    "location": {
      "lon": 139.715868,
      "lat": 35.666004
    }
  },
  "fields": {
    "@timestamp": [
      1516705006475
    ]
  },
  "sort": [
    1516705006475
  ]
}

I want admin and the user storea to use the same dashboard (exactly the same index). Admin will see all data, but storea will see only data with document type “storea”.

I configured the role in sg_roles.yml like this:

For StoreA

sg_storea:
  cluster:
    - CLUSTER_COMPOSITE_OPS_RO
  indices:
    '?kibana':
      '*':
        - READ
    'api-brands-qa*':
      'storea':
        - READ

These are the Elasticsearch logs:

[2018-01-23T18:04:35,470][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=storea, roles=] [IndexType [index=api-brands-qa-bal-2018.01.22, type=], IndexType [index=api-brands-qa-bal-2018.01.23, type=]] [Action [[indices:data/read/search]]] [RolesChecked [sg_storea, sg_own_index, sg_public]]

[2018-01-23T18:04:35,470][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for {sg_public=[IndexType [index=api-brands-qa-bal-2018.01.23, type=], IndexType [api-brands-qa-bal-2018.01.22, type=]], sg_own_index=[IndexType [index=api-brands-qa-bal-2018.01.23, type=], IndexType [index=api-brands-qa-bal-2018.01.22, type=]], sg_storea=[IndexType [index=api-brands-qa-bal-2018.01.23, type=], IndexType [index=api-brands-qa-bal-2018.01.22, type=]]}

Apparently, I have the same problem as https://groups.google.com/forum/#!topic/search-guard/9geSPPKqcCM

Can you help me please?

sg_config.yml (9.37 KB)

sg_internal_users.yml (1.32 KB)

sg_roles.yml (6.34 KB)

sg_roles_mapping.yml (1016 Bytes)
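
An added example, not part of the original post and not Search Guard code: it parses the PrivilegesEvaluator denial line quoted above and compares each requested index/type pair with the sg_storea patterns as posted. The function names are hypothetical, and the matching rule (`*` matches any run of characters, `?` exactly one) is an assumption about the pattern semantics.

```python
import re

# Denial line copied from the post above (PrivilegesEvaluator, INFO level).
LOG_LINE = (
    "[2018-01-23T18:04:35,470][INFO ][c.f.s.c.PrivilegesEvaluator] "
    "No index-level perm match for User [name=storea, roles=] "
    "[IndexType [index=api-brands-qa-bal-2018.01.22, type=], "
    "IndexType [index=api-brands-qa-bal-2018.01.23, type=]] "
    "[Action [[indices:data/read/search]]] "
    "[RolesChecked [sg_storea, sg_own_index, sg_public]]"
)

# Index pattern -> type patterns of sg_storea, as posted in sg_roles.yml.
SG_STOREA = {"?kibana": ["*"], "api-brands-qa*": ["storea"]}


def parse_denial(line):
    """Extract user, requested (index, type) pairs, action and roles checked."""
    user = re.search(r"User \[name=([^,\]]+)", line)
    action = re.search(r"Action \[\[([^\]]+)\]\]", line)
    roles = re.search(r"RolesChecked \[([^\]]*)\]", line)
    if not (user and action and roles):
        raise ValueError("not a PrivilegesEvaluator denial line")
    pairs = re.findall(r"IndexType \[index=([^,\]]+), type=([^\]]*)\]", line)
    return {
        "user": user.group(1),
        "requested": pairs,
        "action": action.group(1),
        "roles_checked": [r.strip() for r in roles.group(1).split(",")],
    }


def wildcard_match(pattern, value):
    """Assumed semantics: '*' = any run of characters, '?' = exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def explain(role, requested):
    """Per requested pair: matching index patterns and whether a type matches."""
    report = []
    for index, doc_type in requested:
        hits = [p for p in role if wildcard_match(p, index)]
        type_ok = any(wildcard_match(t, doc_type) for p in hits for t in role[p])
        report.append((index, doc_type, hits, type_ok))
    return report
```

Calling `explain(SG_STOREA, parse_denial(LOG_LINE)["requested"])` on the posted line reports that both indices match `api-brands-qa*`, while the type shown in the log is empty and does not match the `storea` type pattern under the assumed rule.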