Problem with filtering fields in index using field level security

[Tomasz Dobrowolski]

Hello,

I am writing with an issue connected with fls. The problem is that even if I follow the documentation placed on the search guard website I am not able to set up a roles for users to restrict some information from fields in index.

Here is my code from sg_roles.yml file.

sg_test_role:

  readonly: true

  cluster:

    - INDICES_MONITOR

    - CLUSTER_COMPOSITE_OPS_RO

  indices:

    '?kibana':

      '*':

        - INDEX

        - READ  

    'logstash*':

      'date':  

        - 'READ'

      _fls_:

        - '~@timestamp'

sg_internal_user.yml

test:

  hash: $2y$12$h5U8W0qHQgYPjVyVdFgCXOY4zyAwUjQKrceq5jVWmdxVriSvW.eY2 <- it's not a plain text at least XD

  roles:

    - test_role

I have also added the created role to sg_roles_mapping.yml

sg_test_role:

  readonly: true

  users:

    - test

* Search Guard and Elasticsearch version: 6.3.2

* Installed and used enterprise modules, if any: none

* JRE 1.8.0_181-b13

Do you have any advice for me to solve the problem with this topic?

[Jochen Kressin]

When you write:

* Installed and used enterprise modules, if any: none

Does it mean you run the Community Edition? DLS/FLS is an enterprise feature.

You can check what version and modules you are running by visiting the /_searchguard/license endpoint.

[Tomasz Dobrowolski]

{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","sg_license":{"msgs":["No license required because enterprise modules not enabled."],"license_required":false},"modules":{"HTTP_BASIC_AUTHENTICATOR":{"default_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.http.HTTPBasicAuthenticator","description":"HTTP Basic Authenticator","type":"HTTP_BASIC_AUTHENTICATOR","version":"6.3.2-23.0"},"INTERNAL_USERS_AUTHENTICATION_BACKEND":{"default_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","gitsha1":"83d227fe7b4ef6d41e4c8a78b0a12a5723785ee6","buildTime":"2018-08-12T15:47:01Z","is_enterprise":"false","actual_implementation":"com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend","description":"Internal users authentication backend","type":"INTERNAL_USERS_AUTHENTICATION_BACKEND","version":"6.3.2-23.0"}},"compatibility":{"modules_mismatch":false}}

Tutaj wprowadź kod...

This message is shown in my browser when I enter this site. 

[SG]

You are running the community version (="No license required because enterprise modules not enabled.") which is free and ASL2 licensed but does not support field level security because this is enterprise feature.
If you need this feature pls contact us for a quote: https://search-guard.com/contacts/

See https://search-guard.com/product/ for a community, enterprise and compliance feature comparison.

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/71860021-3080-4caf-b2d1-3b7dae6d7183%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.