Hi Simone,
I tried the latest pre-release with rules similar to those @memelet posted. However, doing the same query, I still see aggregation keys with doc_count 0. Do we have to change the ruleset?
Hi @memelet, this is currently a bug in the whole document-level security model of Elasticsearch itself.
I reported this to the Elasticsearch security team; they acknowledged the situation, and the discussion is still ongoing on what the best solution is.
Unfortunately, in order to fix this, substantial changes should be made in how the aggregations work inside the main Elasticsearch code base, and it's necessary that Elastic's own architects make their decisions.
I will report back as soon as I have more information from them. In the meantime I will hide this topic from the forum until we have a solution.