How to use user attributes
23 views
Skip to first unread message
Venkata Naresh
Feb 11, 2019, 11:42:21 AM2/11/19
to search...@googlegroups.com
When asking questions, please provide the following information:
* Search Guard and Elasticsearch version
6.4.3
* Installed and used enterprise modules, if any
* JVM version and operating system version
1.8.0_181
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any
Hi,
I want to try DLS in SG. My requirement is, from the user I will get USERNAME,PASSWORD and USERID. So when the user login we want to show the kibana dashboard based on the USERID of the user login. How to apply DLS on USERID parameter. I have seen DLS based on username but I'm not getting how to apply using custom fields.
Also what is the use of User Attributes in SG Internal User Database block.
Thanks
SG
Feb 11, 2019, 4:04:13 PM2/11/19
to search...@googlegroups.com
Did you saw
https://docs.search-guard.com/latest/document-level-security#ldap-and-jwt-user-attributes
https://docs.search-guard.com/latest/troubleshooting-search-guard-user-roles#custom-attributes
Do you use any other authentication/authorization module beside internal user database? (like ldap, jwt, ...)
> Am 11.02.2019 um 17:42 schrieb Venkata Naresh <divi.v...@gmail.com>:
>
> When asking questions, please provide the following information:
>
> * Search Guard and Elasticsearch version
> 6.4.3
> * Installed and used enterprise modules, if any
> * JVM version and operating system version
> 1.8.0_181
> * Search Guard configuration files
> * Elasticsearch log messages on debug level
> * Other installed Elasticsearch or Kibana plugins, if any
>
> Hi,
>
> I want to try DLS in SG. My requirement is, from the user I will get USERNAME,PASSWORD and USERID. So when the user login we will get the client ID and how to apply DLS on client ID parameter. I have seen DLS based on username but I'm not getting how to apply using custom fields.
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a731ff29-623f-4513-a1b2-a7504bd05dc6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
https://docs.search-guard.com/latest/document-level-security#ldap-and-jwt-user-attributes
https://docs.search-guard.com/latest/troubleshooting-search-guard-user-roles#custom-attributes
Do you use any other authentication/authorization module beside internal user database? (like ldap, jwt, ...)
> Am 11.02.2019 um 17:42 schrieb Venkata Naresh <divi.v...@gmail.com>:
>
> When asking questions, please provide the following information:
>
> * Search Guard and Elasticsearch version
> 6.4.3
> * Installed and used enterprise modules, if any
> * JVM version and operating system version
> 1.8.0_181
> * Search Guard configuration files
> * Elasticsearch log messages on debug level
> * Other installed Elasticsearch or Kibana plugins, if any
>
> Hi,
>
>
> Also what is the use of User Attributes in SG Internal User Database block.
>
> Thanks
>
> --
> Also what is the use of User Attributes in SG Internal User Database block.
>
> Thanks
>
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a731ff29-623f-4513-a1b2-a7504bd05dc6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Venkata Naresh
Feb 12, 2019, 4:03:12 AM2/12/19
to search...@googlegroups.com
Hi Thanks for your reply. I have seen custom attributes, but my requirement is like this. I will get username, password and userid when the user login, I need to apply DLS on the userid parameter. May I know how this can achieve
SG
Feb 13, 2019, 10:34:18 AM2/13/19
to search...@googlegroups.com
You can use them everywhere in the sg_roles.yml files like ${attr.internal.attribute1} or ${attr_internal_attribute1}. This will then be substituted with the value of the property of the current user.
> Am 12.02.2019 um 10:03 schrieb Venkata Naresh <divi.v...@gmail.com>:
>
> Hi Thanks for your reply. I have seen custom attributes, but I'm not getting how to add these to an user. From the document it was mentioned like
> "custom_attribute_names" : [
> "attr.internal.attribute1",
> "attr.internal.attribute2",
> "attr.internal.attribute3"
> ]
>
> whereas in the SG configuration the attributes were key, value pairs. If my USERID is 1 and its Value is ONE, can I keep 1 and ONE as an attribute?
> If yes, how to access the value using key?
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/ca2af408-46cf-433c-8b89-0868838a3bc6%40googlegroups.com.
> Am 12.02.2019 um 10:03 schrieb Venkata Naresh <divi.v...@gmail.com>:
>
> Hi Thanks for your reply. I have seen custom attributes, but I'm not getting how to add these to an user. From the document it was mentioned like
> "custom_attribute_names" : [
> "attr.internal.attribute1",
> "attr.internal.attribute2",
> "attr.internal.attribute3"
> ]
>
> whereas in the SG configuration the attributes were key, value pairs. If my USERID is 1 and its Value is ONE, can I keep 1 and ONE as an attribute?
> If yes, how to access the value using key?
Reply all
Reply to author
Forward
0 new messages