Document Level Security on clusters?


Does ROR (ES) need to be installed on all nodes in a cluster, for Document Level Security to work?

I have a filter like this to only allow documents with the tag “foo”:

filter: '{"query_string":{"query":"tags: foo"}}'

But other documents are returned that doesn’t have this tag.

I can make it work if I run it on a single node cluster, but not in a multi node cluster. In the multi node cluster, Kibana only connects to localhost (coordinating node) and no other nodes.

This thread regarding Field Level Security, seems to indicate that ROR needs to be installed on all nodes:

I am running ES/Kibana 6.3.2 and ROR 1.6.23/ROR_kbn_enterprise 1.16.23.



1 Like

Hi @peter,

The filter and fields rule modify the behaviour of the default Lucene reader. This means that yes, you need to have ROR in all nodes in which you have data if you need to use one of these rules.

1 Like

Thanks for the clarification Simone,

My understanding was that ROR only needs to be installed on the HTTP nodes, and that seems to be the case in most situations.

You might want to update the documentation regarding DLS and TLS, to make this clearer.

Best regards,


1 Like

I completely agree, Peter. Will do this now.

EDIT: documentation updated! Thanks Peter :slight_smile:

1 Like