The security plugin blocks the update by script operation when FLS/DLS/Masking is active

While in troubleshoot guide it is mention that indexed document can’t be updated by script operation when FLS/DLS/Masking is active but at code level ( security/ at c0b1bacc923891c43d92365d48585bd2ff55b7ec · opendistro-for-elasticsearch/security · GitHub) found all Update calls are blocked by security plugin when fls/dls/masking is enable. Should be upgrade for blocking script query only ?

Welcome @akash_garg!

IIRC, this is a known limitation of these access control features - any update would be problematic. Are you proposing this be blocked only by scripting?

Perhaps others can chime in on why it’s not a great idea.

It is ok to keep the update blocked when someone fires script operation cause then there is no control on access of protected attributes.

General purpose updates without “script” should be fine as they do not compromise data sanctity and also allow those one of document updates.