[Feature Request] Field level security: Filter out fields/sourceparts from a search response


(Marcus Caepio) #1

Hi all,
we are very happy with ROR so far.
I now have one problem left, which I have to solve.
Situation:
I have an index that two groups have access to.
But one of these groups should not be able to see all fields and/or their values.
Either they should not see the fields with their values at all, or, for this group only, the fields should be anonymized.
Is this possible with ROR?

Example:
Index: testindex
Fields: value
a: hello
b: this
c: is
d: dog

Group 1 should see all fields with all values. Group 2 shall just see:
a: hello
d: dog

or

a: hello
b: anonymized
c: anonymized
d: dog

If it is not possible, any other idea to solve this in elastic stack 5? On elastic 3, it was possible to use _source_exclude=xyz as a URL parameter, and in elastic 5 x-pack it is called “Field Level Access” and is part of the security

Regards,
Marcus


(Simone Scarduzio) #2

Have you tried this? https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html#filtered


(Marcus Caepio) #3

Hi Simone,
thanks for the reply.
Unfortunately this will not work, because it only filters on document level, but not on field level.
I get the subset, but with all fields. See the field “bla” in the example. We want to hide or anonymize the “bla” field.
Something like this 🙂 https://www.elastic.co/guide/en/shield/current/setting-up-field-and-document-level-security.html

Example:
POST test1/2
{
    "user": "kimchy",
    "bla": "blubb2"
}

POST /_aliases
{
    "actions" : [
        {
            "add" : {
                 "index" : "test1",
                 "alias" : "alias2",
                 "filter" : { "term" : { "user" : "kimchy" } }
            }
        }
    ]
}

GET alias2/_search

{
    "_index": "test1",
    "_type": "2",
    "_id": "AV-grcsOtuOD8z6DhI1Q",
    "_score": 1,
    "_source": {
        "user": "kimchy",
        "bla": "blubb2"
    }
}
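
The post above shows that a filtered alias narrows which documents come back, not which fields; a field-level control instead has to rewrite each hit's `_source` per group. The Python below is an added example, not part of the original thread and not ReadonlyREST's code, showing both outcomes requested in post #1 (fields hidden, or fields anonymized). The group names, the `POLICIES` table and the function names are assumptions, and the sample response is constructed from the documents quoted in the thread.

```python
import copy
import fnmatch

ANON = "anonymized"
# Hypothetical policies: group names and modes are assumptions of this example.
POLICIES = {
    "group1": ("all", []),
    "group2_hide": ("exclude", ["b", "c", "bla"]),
    "group2_mask": ("mask", ["b", "c", "bla"]),
}

def is_restricted(path, patterns):
    """True if the dotted field path matches any pattern (shell-style wildcards)."""
    return any(fnmatch.fnmatchcase(path, p) for p in patterns)

def filter_source(node, patterns, mask, prefix=""):
    """Return a copy of a _source object with restricted paths dropped or masked."""
    if isinstance(node, list):  # arrays of objects keep the parent's path
        return [filter_source(n, patterns, mask, prefix) for n in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, value in node.items():
        path = prefix + key
        if is_restricted(path, patterns):
            if mask:
                out[key] = ANON  # keep the field name, hide the value
        else:
            out[key] = filter_source(value, patterns, mask, path + ".")
    return out

def filter_response(response, group):
    """Apply the group's field policy to every hit; unknown groups raise KeyError."""
    mode, patterns = POLICIES[group]  # no default policy: fail closed
    result = copy.deepcopy(response)  # never mutate the original response
    if mode != "all":
        for hit in result["hits"]["hits"]:
            hit["_source"] = filter_source(hit.get("_source", {}), patterns, mode == "mask")
    return result

# Constructed sample: the hit quoted in the post plus the testindex document.
SAMPLE = {"hits": {"hits": [
    {"_index": "test1", "_type": "2", "_id": "AV-grcsOtuOD8z6DhI1Q",
     "_source": {"user": "kimchy", "bla": "blubb2"}},
    {"_index": "testindex", "_id": "constructed-1",
     "_source": {"a": "hello", "b": "this", "c": "is", "d": "dog"}},
]}}

if __name__ == "__main__":
    for group in POLICIES:
        print(group, [h["_source"] for h in filter_response(SAMPLE, group)["hits"]["hits"]])
```

Rewriting `_source` covers only the returned documents. A complete field-level control also has to reject queries, aggregations and sorts that reference the restricted fields, otherwise their values remain inferable from the results.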

(Marcus Caepio) #4

As it is not supported yet, I officially want to make a feature request of it 🙂


(Simone Scarduzio) #5

Yeah this is in the pipeline already, yet another customer required this yesterday. However, I need to bring the Kibana plugin up to speed with 6.0, then fix the “msearch” issue, and deploy the new website updates and commercial offers before thinking about this enhancement.


(Simone Scarduzio) #6

Hi all, this is now available in the pre-builds. Who wants to test it? 🙂