Field-Level Security for Search/Aggregate

jojo · October 23, 2019, 7:15pm

Is there any way to get field-level security to allow/disallow searching / aggregating against specific fields? I’ve tried setting up OpenDistro and create a test user/role, but all I can manage is to hide the field from _source as it’s returned. What I would like to be able to do is to restrict which fields a specific user can search through.

My use-case is that I have an index with different fields that different tiers of users can / can not search. My current approach is to create two indices with the different sets of fields that the user can query.

pakshi · May 11, 2021, 10:35pm

Hi,
Are you still looking for a solution for this?
We offer document/ field level encryption based security that we can re-purpose as ACL type solution.
Please reach out if you are still looking.

Anthony · May 25, 2021, 2:59pm

Hi @jojo Did you get this resolved?

I’ve just tested usng odfe 1.13.0 and the user is not able to search using fields that are hidden by fls.

If you are still having this issue can you confirm which version of odfe you are using?

Topic		Replies	Views
Does Field Level "fully searchable encryption" make sense? This is for breach-proofing the index Security	5	969	May 12, 2021
Searchable Field Level Security Security	3	736	May 11, 2021
How to apply field level security on specific documents? Security	4	708	February 5, 2021
Clarification is sought on the functionality sequence of order execution for document level security, field level security and field masking Security	3	258	March 12, 2024
Configure document level security Security	1	827	May 17, 2021

Field-Level Security for Search/Aggregate

Related topics