Problem with filtering fields in index using field level security

Hello,

I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.

Here is my code from sg_roles.yml file.

sg_test_role:

readonly: true

cluster:

  • INDICES_MONITOR

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘?kibana’:

‘*’:

  • INDEX

  • READ

‘logstash*’:

‘date’:

  • ‘READ’

fls:

  • ‘~@timestamp’

``

sg_internal_user.yml

test:

hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 <- it’s not a plain text at least XD

roles:

  • test_role

``

I have also added the created role to sg_roles_mapping.yml

sg_test_role:

readonly: true

users:

  • test

``

  • Search Guard and Elasticsearch version: 6.3.2

  • Installed and used enterprise modules, if any: none

  • JRE 1.8.0_181-b13

Do you have any advice for me to solve the problem with this topic?

When you write:

  • Installed and used enterprise modules, if any: none

Does it mean you run the Community Edition? DLS/FLS is an enterprise feature.

You can check what version and modules you are running by visiting the /_searchguard/license endpoint.

···

On Monday, September 24, 2018 at 9:53:31 AM UTC+2, Tomasz Dobrowolski wrote:

Hello,

I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.

Here is my code from sg_roles.yml file.

sg_test_role:

readonly: true

cluster:

  • INDICES_MONITOR
  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘?kibana’:

‘*’:

  • INDEX
  • READ

‘logstash*’:

‘date’:

  • ‘READ’

fls:

  • ‘~@timestamp’

``

sg_internal_user.yml

test:

hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 <- it’s not a plain text at least XD

roles:

  • test_role

``

I have also added the created role to sg_roles_mapping.yml

sg_test_role:

readonly: true

users:

  • test

``

  • Search Guard and Elasticsearch version: 6.3.2
  • Installed and used enterprise modules, if any: none
  • JRE 1.8.0_181-b13

Do you have any advice for me to solve the problem with this topic?

{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","sg_license":{"msgs":["No license required because enterprise modules not enabled."],"license_required":false},"modules":{"HTTP_BASIC_AUTHENTICATOR":{"default_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","description":"HTTP Basic Authenticator","type":"HTTP_BASIC_AUTHENTICATOR","version":"6.3.2-23.0"},"INTERNAL_USERS_AUTHENTICATION_BACKEND":{"default_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","description":"Internal users authentication backend","type":"INTERNAL_USERS_AUTHENTICATION_BACKEND","version":"6.3.2-23.0"}},"compatibility":{"modules_mismatch":false}}

Tutaj wprowadź kod…

``

This message is shown in my browser when I enter this site.

W dniu poniedziałek, 24 września 2018 09:53:31 UTC+2 użytkownik Tomasz Dobrowolski napisał:

···

Hello,

I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.

Here is my code from sg_roles.yml file.

sg_test_role:

readonly: true

cluster:

  • INDICES_MONITOR
  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘?kibana’:

‘*’:

  • INDEX
  • READ

‘logstash*’:

‘date’:

  • ‘READ’

fls:

  • ‘~@timestamp’

``

sg_internal_user.yml

test:

hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 <- it’s not a plain text at least XD

roles:

  • test_role

``

I have also added the created role to sg_roles_mapping.yml

sg_test_role:

readonly: true

users:

  • test

``

  • Search Guard and Elasticsearch version: 6.3.2
  • Installed and used enterprise modules, if any: none
  • JRE 1.8.0_181-b13

Do you have any advice for me to solve the problem with this topic?

You are running the community version (="No license required because enterprise modules not enabled.") which is free and ASL2 licensed but does not support field level security because this is enterprise feature.
If you need this feature pls contact us for a quote: https://search-guard.com/contacts/

See https://search-guard.com/product/ for a community, enterprise and compliance feature comparison.

···

Am 24.09.2018 um 13:36 schrieb Tomasz Dobrowolski <tomasz.dobrowolski95@gmail.com>:

{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","sg_license":{"msgs":["No license required because enterprise modules not enabled."],"license_required":false},"modules":{"HTTP_BASIC_AUTHENTICATOR":{"default_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","description":"HTTP Basic Authenticator","type":"HTTP_BASIC_AUTHENTICATOR","version":"6.3.2-23.0"},"INTERNAL_USERS_AUTHENTICATION_BACKEND":{"default_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","description":"Internal users authentication backend","type":"INTERNAL_USERS_AUTHENTICATION_BACKEND","version":"6.3.2-23.0"}},"compatibility":{"modules_mismatch":false}}
Tutaj wprowadź kod...

This message is shown in my browser when I enter this site.

W dniu poniedziałek, 24 września 2018 09:53:31 UTC+2 użytkownik Tomasz Dobrowolski napisał:
Hello,

I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.

Here is my code from sg_roles.yml file.
sg_test_role:
  readonly: true
  cluster:
    - INDICES_MONITOR
    - CLUSTER_COMPOSITE_OPS_RO
  indices:
    '?kibana':
      '*':
        - INDEX
        - READ
    'logstash*':
      'date':
        - 'READ'
      _fls_:
        - '~@timestamp'

sg_internal_user.yml
test:
  hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 <- it's not a plain text at least XD
  roles:
    - test_role

I have also added the created role to sg_roles_mapping.yml
sg_test_role:
  readonly: true
  users:
    - test

* Search Guard and Elasticsearch version: 6.3.2
* Installed and used enterprise modules, if any: none
* JRE 1.8.0_181-b13

Do you have any advice for me to solve the problem with this topic?

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/71860021-3080-4caf-b2d1-3b7dae6d7183%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.