Hello,
I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.
Here is my code from sg_roles.yml file.
sg_test_role:
readonly: true
cluster:
-
INDICES_MONITOR
-
CLUSTER_COMPOSITE_OPS_RO
indices:
‘?kibana’:
‘*’:
‘logstash*’:
‘date’:
fls:
``
sg_internal_user.yml
test:
hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 ← it’s not a plain text at least XD
roles:
``
I have also added the created role to sg_roles_mapping.yml
sg_test_role:
readonly: true
users:
``
Do you have any advice for me to solve the problem with this topic?
When you write:
- Installed and used enterprise modules, if any: none
Does it mean you run the Community Edition? DLS/FLS is an enterprise feature.
You can check what version and modules you are running by visiting the /_searchguard/license endpoint.
···
On Monday, September 24, 2018 at 9:53:31 AM UTC+2, Tomasz Dobrowolski wrote:
Hello,
I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.
Here is my code from sg_roles.yml file.
sg_test_role:
readonly: true
cluster:
indices:
‘?kibana’:
‘*’:
‘logstash*’:
‘date’:
fls:
``
sg_internal_user.yml
test:
hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 ← it’s not a plain text at least XD
roles:
``
I have also added the created role to sg_roles_mapping.yml
sg_test_role:
readonly: true
users:
``
- Search Guard and Elasticsearch version: 6.3.2
- Installed and used enterprise modules, if any: none
Do you have any advice for me to solve the problem with this topic?
{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","sg_license":{"msgs":["No license required because enterprise modules not enabled."],"license_required":false},"modules":{"HTTP_BASIC_AUTHENTICATOR":{"default_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","description":"HTTP Basic Authenticator","type":"HTTP_BASIC_AUTHENTICATOR","version":"6.3.2-23.0"},"INTERNAL_USERS_AUTHENTICATION_BACKEND":{"default_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","description":"Internal users authentication backend","type":"INTERNAL_USERS_AUTHENTICATION_BACKEND","version":"6.3.2-23.0"}},"compatibility":{"modules_mismatch":false}}
Tutaj wprowadź kod…
``
This message is shown in my browser when I enter this site.
W dniu poniedziałek, 24 września 2018 09:53:31 UTC+2 użytkownik Tomasz Dobrowolski napisał:
···
Hello,
I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.
Here is my code from sg_roles.yml file.
sg_test_role:
readonly: true
cluster:
indices:
‘?kibana’:
‘*’:
‘logstash*’:
‘date’:
fls:
``
sg_internal_user.yml
test:
hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 ← it’s not a plain text at least XD
roles:
``
I have also added the created role to sg_roles_mapping.yml
sg_test_role:
readonly: true
users:
``
- Search Guard and Elasticsearch version: 6.3.2
- Installed and used enterprise modules, if any: none
Do you have any advice for me to solve the problem with this topic?
You are running the community version (="No license required because enterprise modules not enabled.") which is free and ASL2 licensed but does not support field level security because this is enterprise feature.
If you need this feature pls contact us for a quote: Contact the Search Guard team - get in touch with us
See Search Guard Security | Securing your Elasticsearch cluster with Search Guard for a community, enterprise and compliance feature comparison.
···
Am 24.09.2018 um 13:36 schrieb Tomasz Dobrowolski <tomasz.dobrowolski95@gmail.com>:
{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","sg_license":{"msgs":["No license required because enterprise modules not enabled."],"license_required":false},"modules":{"HTTP_BASIC_AUTHENTICATOR":{"default_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","description":"HTTP Basic Authenticator","type":"HTTP_BASIC_AUTHENTICATOR","version":"6.3.2-23.0"},"INTERNAL_USERS_AUTHENTICATION_BACKEND":{"default_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","description":"Internal users authentication backend","type":"INTERNAL_USERS_AUTHENTICATION_BACKEND","version":"6.3.2-23.0"}},"compatibility":{"modules_mismatch":false}}
Tutaj wprowadź kod...
This message is shown in my browser when I enter this site.
W dniu poniedziałek, 24 września 2018 09:53:31 UTC+2 użytkownik Tomasz Dobrowolski napisał:
Hello,
I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.
Here is my code from sg_roles.yml file.
sg_test_role:
readonly: true
cluster:
- INDICES_MONITOR
- CLUSTER_COMPOSITE_OPS_RO
indices:
'?kibana':
'*':
- INDEX
- READ
'logstash*':
'date':
- 'READ'
_fls_:
- '~@timestamp'
sg_internal_user.yml
test:
hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 <- it's not a plain text at least XD
roles:
- test_role
I have also added the created role to sg_roles_mapping.yml
sg_test_role:
readonly: true
users:
- test
* Search Guard and Elasticsearch version: 6.3.2
* Installed and used enterprise modules, if any: none
* JRE 1.8.0_181-b13
Do you have any advice for me to solve the problem with this topic?
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/71860021-3080-4caf-b2d1-3b7dae6d7183%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.