[Feature Request] Field level security: Filter out fields/sourceparts from a search response

Hi all,
we are very happy with ROR so far.
I now have one problem left, which I have to solve.
I have an index, where two groups have access to.
But one of this group should not be able to see all fields and/or its values.
Either they should not see the fields with its values at all, or for this group only, the fields should be anonymized.
Is this possible with ROR?

Index: testindex
Fields: value
a: hello
b: this
c: is
d: dog

Group 1 should see all fields with all values. Group 2 shall just see:
a: hello
d: dog


a: hello
b: anonymized
c: anonymized
d: dog

If it is not possible, any other idea to solve this in elastic stack 5? On elastic 3, it was able to use _source_exclude=xyz as an URL parameter and in elastic 5 x-pack it is called “Field Level Access” and Part of the security


Have you tried this? Aliases API | Elasticsearch Guide [8.6] | Elastic

Hi Simone,
thanks for reply.
Unfortunately this will not work, because it only filters on document level, but not on field level.
I get the subset, but with all fields. see the field “bla” in the example. We want to hide or anonymize the “bla” field.
sth. like this :slight_smile: Setting Up Field and Document Level Security | Shield [2.4] | Elastic

POST test1/2
“user”: “kimchy”,
“bla”: “blubb2”

POST /_aliases
            "actions" : [
                    "add" : {
                         "index" : "test1",
                         "alias" : "alias2",
                         "filter" : { "term" : { "user" : "kimchy" } }

Get alias2/_search

        "_index": "test1",
        "_type": "2",
        "_id": "AV-grcsOtuOD8z6DhI1Q",
        "_score": 1,
        "_source": {
          "user": "kimchy",
          "bla": "blubb2"

As it is not supported yet, I officially want to make a feature request of it :slight_smile:

Yeah this is in the pipeline already, yet another customer required this yesterday. However, I need to bring the Kibana plugin up to speed with 6.0, then fix the “msearch” issue, and deploy the new website updates and commercial offers before thinking about this enhancement.

Hi all, this is now available in the pre builds, who wants to test it? :slight_smile: