I am setting a department list as comma-separated values in a String in a user attribute, Department. I need to set DLS in a role to accept Department values dynamically from the user attribute and filter accordingly. How do I do that? What will the DLS query be?
Hi @sayalipatil9689,
What version of OpenSearch and OpenSearch Dashboards do you use?
Also, could you please share the output of the following command?
GET _plugins/_security/api/internalusers/<username>
I am using OpenSearch version 1.27.
{
  "spl": {
    "hash": "",
    "reserved": false,
    "hidden": false,
    "backend_roles": [
      ""
    ],
    "attributes": {
      "Department": "GSG00001,GSG00002",
      "Industry": "MDMIND00004"
    },
    "opendistro_security_roles": ,
    "static": false
  }
}
This is the output
Hi @sayalipatil9689,
- You have to change the value of your attribute. Every item in the list has to be enclosed in double quotation marks, as in the example below:
Document-level security - OpenSearch Documentation
- To match the user’s attribute value to the field’s value in a document, you can use the following DLS query in your role’s configuration. In my lab, I created the department parameter as a keyword type.
{
  "bool": {
    "must": {
      "terms": {
        "department": [${attr.internal.department}]
      }
    }
  }
}
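An added example, not part of the original posts and not OpenSearch's own code: it simulates the `${attr.internal.…}` substitution as plain text replacement (an assumption about how the value lands in the query) to show why each item in the stored attribute needs its own double quotes. The helper names `to_attribute_value`, `render_dls` and `check_dls` are hypothetical, and the attribute is named `department` as in the answer's lab.

```python
import json
import re

# DLS template from the answer above (field and attribute both named "department").
DLS_TEMPLATE = '{"bool": {"must": {"terms": {"department": [${attr.internal.department}]}}}}'

def to_attribute_value(csv_value):
    """Turn 'GSG00001,GSG00002' into '"GSG00001","GSG00002"' for the user attribute."""
    items = [item.strip() for item in csv_value.split(",") if item.strip()]
    # json.dumps quotes and escapes each item, so a stray quote or backslash
    # in a department code cannot break out of the terms array.
    return ",".join(json.dumps(item) for item in items)

def render_dls(template, attributes):
    """Simulated substitution: replace ${attr.internal.<name>} with the raw attribute string."""
    def substitute(match):
        name = match.group(1)
        if name not in attributes:
            raise KeyError(f"user has no attribute {name!r}")
        return attributes[name]
    return re.sub(r"\$\{attr\.internal\.([^}]+)\}", substitute, template)

def check_dls(template, attributes):
    """Return the parsed query, or raise ValueError if the rendered text is not valid JSON."""
    rendered = render_dls(template, attributes)
    try:
        return json.loads(rendered)
    except json.JSONDecodeError as exc:
        raise ValueError(f"rendered DLS is not valid JSON: {rendered}") from exc

if __name__ == "__main__":
    raw = "GSG00001,GSG00002"  # value as originally stored in the thread
    try:
        check_dls(DLS_TEMPLATE, {"department": raw})
    except ValueError as err:
        print("unquoted list:", err)
    fixed = to_attribute_value(raw)
    print("attribute value to store:", fixed)
    print("rendered query:", json.dumps(check_dls(DLS_TEMPLATE, {"department": fixed})))
```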
Thank you. It worked this way.