Using index patterns for DLS

ofershar · June 3, 2021, 2:34pm

Hi,

Suppose I need to restrict access to documents that reside in multiple indices, using a DLS query on fields common to all the documents. Can it can be defined using a wildcard in the index_patterns?

For example, for indices named ‘humanresources_one’ & ‘humanresources_two’ with a common field ‘manager’:

hr_employee:
index_permissions:
- index_patterns:
- ‘humanresources_*’
allowed_actions:
- …
dls: ‘{“term” : {“manager” : ${user.name|toJson}}}’

If so, is there any performance penalty to defining it this way, rather than defining specifically
for each of the indices as below?

hr_employee:
index_permissions:
- index_patterns:
- ‘humanresources_one’
- ‘humanresources_two’
allowed_actions:
- …
dls: ‘{“term” : {“manager” : ${user.name|toJson}}}’

Thanks,
Ofer Sharon

sirHusky · June 3, 2021, 3:10pm

Hi @ofershar The impact is negligible as long as the wildcard is at the end of the index pattern. Hope this helps

system · June 24, 2021, 3:11pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add capability to define exclude_patterns in sg_roles.yml Feature Requests	3	669	November 4, 2020
Alias permissions on index_pattern else than "*" possible? Search Guard	3	1547	October 19, 2020
Exclude Role from Access to Multiple Indices Search Guard	5	1086	August 13, 2020
Restrict Admin access to index Search Guard	3	332	September 27, 2021
Adding regex index permissions to role via kibana GUI Search Guard	4	716	September 4, 2020

Using index patterns for DLS

Related Topics