Search Guard (community edition): 5.6.4
Elasticsearch: 5.6.4-18
JVM: 1.8
Hello,
I recently installed Search Guard 5.6.4-18 and it was working like a charm until I tried to use the “Document type level access” feature included in the community edition.
This is my document structure:
{
  "_index": "capi-brands-qa-storea-2018.01.23",
  "_type": "storea",
  "_id": "AWEiqcOy4e7FM_idy1c2",
  "_version": 1,
  "_score": null,
  "_source": {
    "host": "173.126.9.111",
    "logger_name": "com.service.HYLService",
    "brandName": "storea",
    "level": "INFO",
    "tags": [
      "_grokparsefailure"
    ],
    "apiError": false,
    "port": 52250,
    "thread_name": "api-Executor-1",
    "level_value": 20000,
    "success": true,
    "app_port": "8080",
    "@version": 1,
    "actionDate": 1516705003888,
    "errorMessage": "",
    "app_name": "api",
    "@timestamp": "2018-01-23T10:56:46.475Z",
    "inputDelay": 132,
    "location": {
      "lon": 139.715868,
      "lat": 35.666004
    }
  },
  "fields": {
    "@timestamp": [
      1516705006475
    ]
  },
  "sort": [
    1516705006475
  ]
}
I want admin and user storea to use the same dashboard (exactly the same index). Admin will see all data, but storea will see only data with document type “storea”.
I configured the role in sg_roles.yml like this:
For StoreA
sg_storea:
  cluster:
    - CLUSTER_COMPOSITE_OPS_RO
  indices:
    '?kibana':
      '*':
        - READ
    'api-brands-qa*':
      'storea':
        - READ
These are the Elasticsearch logs:
[2018-01-23T18:04:35,470][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=storea, roles=] [IndexType [index=api-brands-qa-bal-2018.01.22, type=], IndexType [index=api-brands-qa-bal-2018.01.23, type=]] [Action [[indices:data/read/search]]] [RolesChecked [sg_storea, sg_own_index, sg_public]]
[2018-01-23T18:04:35,470][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for {sg_public=[IndexType [index=api-brands-qa-bal-2018.01.23, type=], IndexType [api-brands-qa-bal-2018.01.22, type=]], sg_own_index=[IndexType [index=api-brands-qa-bal-2018.01.23, type=], IndexType [index=api-brands-qa-bal-2018.01.22, type=]], sg_storea=[IndexType [index=api-brands-qa-bal-2018.01.23, type=], IndexType [index=api-brands-qa-bal-2018.01.22, type=]]}
Apparently, I have the same problem as Redirecting to Google Groups
Can you help me please?
sg_config.yml (9.37 KB)
sg_internal_users.yml (1.32 KB)
sg_roles.yml (6.34 KB)
sg_roles_mapping.yml (1016 Bytes)
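A triage helper for the PrivilegesEvaluator denial line quoted in the logs above, added here as an example; it is not part of the original post and not Search Guard code. It extracts the user, the requested index/type pairs, the action and the roles checked, then lines them up against the `indices` entries of the posted `sg_storea` role. The function names and the use of `fnmatch`-style globbing for the role patterns are assumptions for illustration, not Search Guard's evaluator.

```python
import re
from fnmatch import fnmatchcase

# First PrivilegesEvaluator line from the post, copied verbatim.
SAMPLE_LINE = (
    "[2018-01-23T18:04:35,470][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for "
    "User [name=storea, roles=] [IndexType [index=api-brands-qa-bal-2018.01.22, type=], "
    "IndexType [index=api-brands-qa-bal-2018.01.23, type=]] [Action [[indices:data/read/search]]] "
    "[RolesChecked [sg_storea, sg_own_index, sg_public]]"
)

# 'indices' section of sg_storea as posted: index pattern -> type pattern -> permissions.
SG_STOREA_INDICES = {
    "?kibana": {"*": ["READ"]},
    "api-brands-qa*": {"storea": ["READ"]},
}

LINE_RE = re.compile(
    r"No index-level perm match for User \[name=(?P<user>[^,\]]*), roles=(?P<roles>[^\]]*)\] "
    r"\[(?P<targets>IndexType .*?)\] "
    r"\[Action \[\[(?P<action>[^\]]*)\]\]\] \[RolesChecked \[(?P<checked>[^\]]*)\]\]"
)
TARGET_RE = re.compile(r"IndexType \[index=(?P<index>[^,\]]*), type=(?P<type>[^\]]*)\]")

def parse_denial(line):
    """Return the fields of a 'No index-level perm match' line, or None if it is another line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {
        "user": m["user"],
        "roles": [r for r in m["roles"].split(", ") if r],  # empty in the posted log
        "targets": [(t["index"], t["type"]) for t in TARGET_RE.finditer(m["targets"])],
        "action": m["action"],
        "roles_checked": m["checked"].split(", "),
    }

def compare_with_role(denial, index_perms):
    """Rows of (index, logged type, index pattern, type pattern, type matches?) per matching index entry."""
    return [
        (index, doc_type, pattern, type_pattern, fnmatchcase(doc_type, type_pattern))
        for index, doc_type in denial["targets"]
        for pattern, types in index_perms.items() if fnmatchcase(index, pattern)
        for type_pattern in types
    ]

if __name__ == "__main__":
    for row in compare_with_role(parse_denial(SAMPLE_LINE), SG_STOREA_INDICES):
        print(row)
```

Run against the posted line, each row pairs an index that the `api-brands-qa*` pattern covers with the empty `type=` value that was logged for the request, next to the `storea` type pattern from the role.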