I have the following requirement:
I have an index with each document having three fields (report_content, area, cost).
The area field can be (east, south, north, west). I created four roles each representing an area.
Now, I want any user to be able to see all documents and their fields except the cost. The cost must be visible only if the user is added to the correct role. For example, a user added to the east role will see the cost corresponding to the eastern area documents.
I was not able to find a way to do the above in OpenSearch. Field level security either completely hides or completely shows the field regardless of the value in the area field.
I appreciate your help here.
Hey so what you are looking to do is currently not supported as I understand. That is kind of conditional field level security which doesn’t exist as far as I am aware of.
One option is to nest the cost into a subfield that contains that region. Here is what that could look like:
That way you can build roles that only permit people to see their perspective regions cost but you can still aggregate the field by pulling region_*.cost.
Is there any plan to support conditional field level security?
@asfoorial so I don’t see anything on the roadmap for it at the moment. If you would like you can open a feature request for it on the plugin below. On the request describe what you are trying to achieve in more general terms and how it could be useful for others.