在Elastic中,您可以创建角色。对于相同的索引,我想创建一个角色来显示某些字段,对于另一个角色,我想创建一些隐藏的字段。
为此,我在文档“field_security”中发现了这一点。
https://www.elastic.co/guide/en/elastic-stack-overview/7.3/field-level-security.html
目前我在Docker容器中使用Elastic + Kibana版本7.3.1
我对create role的要求是:
POST /_security/role/myNewRole
{
"cluster": ["all"],
"indices": [
{
"names": [ "twitter" ],
"privileges": ["all"],
"field_security" : {
"grant" : [ "user", "password" ]
}
}
]
}
响应是:
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "current license is non-compliant for [field and document level security]",
"license.expired.feature": "field and document level security"
}
],
"type": "security_exception",
"reason": "current license is non-compliant for [field and document level security]",
"license.expired.feature": "field and document level security"
},
"status": 403
}
我按要求检查了许可证:
{
"license" : {
"status" : "active",
"uid" : "864f625a-fc7a-41de-91f3-c4a64e045a55",
"type" : "basic",
"issue_date" : "2019-09-10T10:04:38.150Z",
"issue_date_in_millis" : 1568109878150,
"max_nodes" : 1000,
"issued_to" : "docker-cluster",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
我的 docker 文件
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.3.1
environment:
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- ELASTIC_PASSWORD=toto
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "discovery.type=single-node"
- "xpack.security.enabled=true"
- "xpack.security.dls_fls.enabled=true"
ulimits:
memlock:
soft: -1
hard: -1
ports:
- "9200:9200"
networks:
- net
volumes:
- esdata1:/usr/share/elasticsearch/data
kibana:
image: docker.elastic.co/kibana/kibana:7.3.1
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=toto
ports:
- "5601:5601"
networks:
- net
volumes:
esdata1:
driver: local
networks:
net:
如何解决此许可问题?
谢谢
最佳答案
即使基本安全功能是free with a BASIC license,“字段和文档级安全性”也仅适用于Platinum-level users ...和Elastic Cloud用户。
因此,获得此功能的最简单且不太昂贵的方法是subscribe to Elastic Cloud。
关于elasticsearch - 使用field_security创建新角色时出现安全错误,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/57870563/