在Elastic中,您可以创建角色。对于相同的索引,我想创建一个角色来显示某些字段,对于另一个角色,我想创建一些隐藏的字段。

为此,我在文档“field_security”中发现了这一点。
https://www.elastic.co/guide/en/elastic-stack-overview/7.3/field-level-security.html

目前我在Docker容器中使用Elastic + Kibana版本7.3.1

我对create role的要求是:

POST /_security/role/myNewRole
{
  "cluster": ["all"],
  "indices": [
    {
      "names": [ "twitter" ],
      "privileges": ["all"],
      "field_security" : {
        "grant" : [ "user", "password" ]
      }
    }
  ]
}

响应是:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "current license is non-compliant for [field and document     level security]",
        "license.expired.feature": "field and document level security"
      }
    ],
    "type": "security_exception",
    "reason": "current license is non-compliant for [field and document level security]",
    "license.expired.feature": "field and document level security"
  },
  "status": 403
}

我按要求检查了许可证:
{
  "license" : {
    "status" : "active",
    "uid" : "864f625a-fc7a-41de-91f3-c4a64e045a55",
    "type" : "basic",
    "issue_date" : "2019-09-10T10:04:38.150Z",
    "issue_date_in_millis" : 1568109878150,
    "max_nodes" : 1000,
    "issued_to" : "docker-cluster",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

我的 docker 文件
version: '3'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.3.1
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - ELASTIC_PASSWORD=toto
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "discovery.type=single-node"
      - "xpack.security.enabled=true"
      - "xpack.security.dls_fls.enabled=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - "9200:9200"
    networks:
     - net
    volumes:
      - esdata1:/usr/share/elasticsearch/data

  kibana:
    image: docker.elastic.co/kibana/kibana:7.3.1
    environment:
        - ELASTICSEARCH_USERNAME=elastic
        - ELASTICSEARCH_PASSWORD=toto
    ports:
      - "5601:5601"
    networks:
     - net
volumes:
  esdata1:
    driver: local

networks:
   net:

如何解决此许可问题?

谢谢

最佳答案

即使基本安全功能是free with a BASIC license,“字段和文档级安全性”也仅适用于Platinum-level users ...和Elastic Cloud用户。

因此,获得此功能的最简单且不太昂贵的方法是subscribe to Elastic Cloud

关于elasticsearch - 使用field_security创建新角色时出现安全错误,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/57870563/

10-11 09:08