Index level permissioning using searchguard5

Hi All,

I am testing the community version of searchguard5. I have set up permissions and visualizations as below:

setup:
UserA has permission only for index=data-full-*
UserB has permission only for index=data-partial-*

Now I have created generic visualizations with index-pattern=data-*.

problem:
Now I am trying to access data using UserA, but no data is being displayed and an error is shown that userA doesn’t have access. This is because UserA doesn’t have permission for data-partial*

Similarly, UserB also doesn’t see any data as he doesn’t have access to data-full*

Help Needed:
Is there any way to access all permissioned data with the generic index data-* instead of throwing an error and not displaying content at all?

Any other solution please?

[Meanwhile, I am trying another way now:
have only one index=data-*
create alias data-alias1-* which is a filtered alias

Now I will give UserA permissions to the index and UserB to the alias. Not sure if this will work, or if anyone has explored this space. Thanks for your help in advance.]

To make this work you need the Kibana multitenancy module, see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md#expert-setting-handling-missing-index-privileges
You can also leverage the DLS/FLS (Document level security) module to accomplish this task, see https://github.com/floragunncom/search-guard-docs/blob/master/dlsfls.md

Filtered alias may work but we recommend against it. See https://github.com/floragunncom/search-guard/issues/190 for a discussion.

On 12.07.2017 at 15:47, Ramesh Janagam <ramesh.btech@gmail.com> wrote:

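The all-or-nothing behaviour described in the question, next to the narrowing behaviour it asks for, as a small Python model. This is an added example, not Search Guard code and not part of the thread; the concrete index names, `authorize` and its `fail_on_forbidden` flag are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample data mirroring the setup in the question (not a real cluster).
CLUSTER_INDICES = [
    "data-full-2017.07", "data-full-2017.08",
    "data-partial-2017.07", "logs-2017.07",
]
ROLE_PATTERNS = {"UserA": ["data-full-*"], "UserB": ["data-partial-*"]}


class Forbidden(Exception):
    """Raised when the request is rejected as a whole."""


def resolve(pattern):
    """Expand a wildcard index pattern to the concrete indices it matches."""
    return [i for i in CLUSTER_INDICES if fnmatchcase(i, pattern)]


def permitted(user, index):
    """True if any of the user's permitted patterns covers this concrete index."""
    return any(fnmatchcase(index, p) for p in ROLE_PATTERNS.get(user, []))


def authorize(user, requested_pattern, fail_on_forbidden=True):
    """Return (allowed, denied) concrete indices for the request.

    fail_on_forbidden=True  : one unpermitted index rejects the whole request
                              (the error the poster sees with data-*).
    fail_on_forbidden=False : the request is narrowed to the permitted subset;
                              it is still rejected if nothing is permitted.
    """
    resolved = resolve(requested_pattern)
    allowed = [i for i in resolved if permitted(user, i)]
    denied = [i for i in resolved if i not in allowed]
    if denied and (fail_on_forbidden or not allowed):
        raise Forbidden(f"{user} lacks privileges for {denied}")
    # 'denied' is returned so the caller can log what was silently dropped.
    return allowed, denied


if __name__ == "__main__":
    for user in ("UserA", "UserB"):
        try:
            authorize(user, "data-*")
        except Forbidden as exc:
            print("strict :", exc)
        print("lenient:", user, authorize(user, "data-*", fail_on_forbidden=False))
```

In the lenient mode the dropped indices are worth logging, since a dashboard that silently shows partial data can otherwise hide a permissions mistake.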