Hey all,
I’m trying to set up a simple filter to enable document-level security based on department ID, but I can’t get it to work. Each document entry has a field “message.departmentId”. The role is created with the query:
PUT _plugins/_security/api/roles/AppReader
{
  "index_permissions" : [
    {
      "index_patterns" : [
        "logs-app-*"
      ],
      "dls" : "{\"term\": { \"message.departmentId\": 300}}",
      "allowed_actions" : [
        "search"
      ]
    }
  ]
}
The internal user is also mapped to the correct role. But whenever that user does a query like the following:
GET logs-app-*/_search
{
  "query": {
    "term": {"message.departmentId": 350}
  }
}
They still get access to the documents with that ID value. Am I missing something in the configuration? I also tried the example of {"bool":{"must":{"match":{"message.departmentId":300}}}}, but that didn’t work either. Any help would be appreciated!
OpenSearch version: 2.0.0
Helm chart version: 2.0.1
Edit: something that might be related, I tried to change the dls mode in opensearch.yml, but this gives the following error: unknown setting [plugins.security.dls.mode] did you mean any of [plugins.security.disabled, plugins.security.audit.type, plugins.security.ssl_only, plugins.security.cert.oid]
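
For reference, the result the role above is expected to produce, as an added example that is not part of the original post: the DLS query is AND-ed with whatever the user searches for, so a search for department 350 should return nothing. This is a local model only, not OpenSearch's own evaluator; the helper names and sample documents are constructed for illustration, and the field is assumed to be mapped as a number.

```python
import json

def build_role(index_patterns, dls_query, actions):
    """Build the role body; "dls" must be the query serialized as a JSON string."""
    return {"index_permissions": [{
        "index_patterns": list(index_patterns),
        "dls": json.dumps(dls_query),  # produces the escaped form used in the PUT body
        "allowed_actions": list(actions),
    }]}

def field_value(doc, dotted):
    """Resolve a dotted path such as message.departmentId; None if absent."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def term_matches(query, source):
    """Evaluate a single-field term query against one document source."""
    (field, wanted), = query["term"].items()
    return field_value(source, field) == wanted

def expected_hits(role, user_query, docs):
    """IDs a restricted user should see: DLS filter AND the user's own query."""
    dls = json.loads(role["index_permissions"][0]["dls"])
    return [d["_id"] for d in docs
            if term_matches(dls, d["_source"])
            and term_matches(user_query, d["_source"])]

# Constructed sample documents (not taken from the original post).
DOCS = [
    {"_id": 1, "_source": {"message": {"departmentId": 300}}},
    {"_id": 2, "_source": {"message": {"departmentId": 350}}},
    {"_id": 3, "_source": {"message": {"departmentId": 300}}},
    {"_id": 4, "_source": {"other": "no message field"}},
]

ROLE = build_role(["logs-app-*"],
                  {"term": {"message.departmentId": 300}},
                  ["search"])

if __name__ == "__main__":
    print(json.dumps(ROLE, indent=2))
    # The query from the post: department 350 is outside the DLS filter.
    print(expected_hits(ROLE, {"term": {"message.departmentId": 350}}, DOCS))
    print(expected_hits(ROLE, {"term": {"message.departmentId": 300}}, DOCS))
```

If the live cluster returns hits where this model returns none, the restriction is not being applied to that user's request.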