Does ROR (ES) need to be installed on all nodes in a cluster, for Document Level Security to work?
I have a filter like this to only allow documents with the tag “foo”:
filter: '{"query_string":{"query":"tags: foo"}}'
But other documents are returned that doesn’t have this tag.
I can make it work if I run it on a single node cluster, but not in a multi node cluster. In the multi node cluster, Kibana only connects to localhost (coordinating node) and no other nodes.
This thread regarding Field Level Security, seems to indicate that ROR needs to be installed on all nodes:
I am running ES/Kibana 6.3.2 and ROR 1.6.23/ROR_kbn_enterprise 1.16.23.
The filter and fields rule modify the behaviour of the default Lucene reader. This means that yes, you need to have ROR in all nodes in which you have data if you need to use one of these rules.