Hi
I need help getting document-level security to work on ODFE 1.1 for internal and Active Directory integrated users. I tried several combinations, but the user ends up seeing everything.
I have 9 servers with a common hostname pattern, server01 through server09. I need to create a role to only view logs collected from those servers that contain any of 3 text patterns (text1 or text2 or text3).
The DLS rule should show logs that fit the query: host server0* and messages contain text1 or text2 or text3 …
Queries tested:
This query works from DevTools
GET _search
{
  "query": {
    "query_string": {
      "query": "server0* AND text1",
      "fields": ["host", "message"]
    }
  },
  "_source": ["host", "message"]
}
The following DLS rules pass validation, but a user assigned this role sees the whole index
Rule 1
{
  "bool": {
    "must": {
      "match": {
        "host": "servers05"
      }
    }
  }
}
Rule 2
{
  "bool": {
    "must": {
      "multi_match": {
        "query":
        "query_string": {
          "query": "servers0* AND text1",
          "fields": ["host", "message"]
        }
      }
    }
  }
}
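
A sketch of the role the post describes, as an added example that is not part of the original post: it builds the DLS query (host `server0*` and any of the three texts), wraps it in a role body where `dls` is stored as an escaped JSON string, and lists which constructed sample documents such a role is meant to expose. The index pattern `logs-*`, the `read` action group and the sample documents are assumptions.

```python
import json

# Assumed names for this example (not from the post): index pattern and sample documents.
INDEX_PATTERN = "logs-*"
HOST_PREFIX = "server0"
TERMS = ["text1", "text2", "text3"]

def build_dls_query(host_prefix, terms):
    """Host matches <prefix>* AND message contains at least one of the terms."""
    return {
        "bool": {
            "must": [
                {"query_string": {"query": host_prefix + "*", "fields": ["host"]}}
            ],
            "should": [{"match": {"message": t}} for t in terms],
            # Next to a "must" clause, "should" is optional unless this is set.
            "minimum_should_match": 1,
        }
    }

def build_role(index_pattern, dls_query):
    """Role body for the security REST API; 'dls' holds the query as a JSON string."""
    return {
        "index_permissions": [{
            "index_patterns": [index_pattern],
            "dls": json.dumps(dls_query),
            "allowed_actions": ["read"],
        }]
    }

def expected_visible(docs, host_prefix, terms):
    """Offline approximation of the intended filter (string tests, not the ES analyzer)."""
    return [
        d for d in docs
        if d["host"].lower().startswith(host_prefix)
        and any(t in d["message"].lower() for t in terms)
    ]

# Constructed sample log documents.
SAMPLE_DOCS = [
    {"host": "server01", "message": "job finished text1"},
    {"host": "server09", "message": "nothing of interest"},
    {"host": "server12", "message": "text2 seen"},
    {"host": "db01", "message": "text3 seen"},
]

if __name__ == "__main__":
    role = build_role(INDEX_PATTERN, build_dls_query(HOST_PREFIX, TERMS))
    print(json.dumps(role, indent=2))
    print([d["host"] for d in expected_visible(SAMPLE_DOCS, HOST_PREFIX, TERMS)])
```

The printed role body is the payload for `PUT _opendistro/_security/api/roles/<role name>`; running the same query with `GET <index>/_search` as the restricted user shows whether the filter is being applied.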