Empty document-level security statement causes filtering of results

Faiglindra · November 15, 2022, 9:25am

Versions:
OpenSearch 1.3 on AWS
OpenSearchDashboards 1.3.2

Describe the issue:

I have a question or maybe an issue regarding document-level security statement in role definitons.

I have a user mapped to a role. The role allows read (and more) on an index pattern. The role has no document level security statement defined. As this is optional I expect to have full read access to the indices matching the pattern, but rather to opposite is the case. There is no hit when executing a simple search.

Only if adding a document level security statement that matches all documents, like so:

{ 
  "wildcard":
  {
    "project": "*"
   }
}

where project is a field in my documents, I get the expected results.

From documentation I would always expect that non existing document level security statement does mean no filtering at all and not that everything is filtered. Or not?

pablo · October 27, 2023, 2:16pm

@Faiglindra Would you mind sharing roles.yml and roles_mapping.yml?
Please also share the roles assigned to the test user.

Topic		Replies	Views
Document level security - filter does not work Security troubleshoot , configure	4	480	June 1, 2022
Error when specify Document Level Security query in roles Security troubleshoot , upgrade	12	718	August 1, 2022
Issue with DLS (Document Level Security) Security	2	385	November 2, 2022
Document Level Security fails with nested documents Security	3	1152	June 18, 2021
Adding document level security doesnt let user login to dashboard Security	3	244	September 25, 2024

Empty document-level security statement causes filtering of results

Related topics