在 elasticsearch 的开放发行版中创建角色的问题
[英]Problem with creating roles in open-distro for elasticsearch
问题描述
I have 2 roles that are assigned to one user.
我有 2 个角色分配给一个用户。 In the first role, I include field name for documents which have _id 1 and 2在第一个角色中,我包含具有 _id 1 和 2 的文档的字段名称
{
"index_permissions": [
{
"index_patterns": [
"test"
],
"dls": "{\n \"terms\": {\n \"_id\": [ \"1\", \"2\"] \n }\n}\n\n",
"fls": [
"name"
],
"masked_fields": [],
"allowed_actions": [
"get",
"crud"
]
}
],
"tenant_permissions": [],
"cluster_permissions": [
"*"
]
}
and in the second role, I include field job_description for document which have _id 3在第二个角色中,我为具有 _id 3 的文档包含字段 job_description
{
"index_permissions": [
{
"index_patterns": [
"test"
],
"dls": "{\n \"terms\": {\n \"_id\": [\"3\"] \n }\n}\n",
"fls": [
"job_description"
],
"masked_fields": [],
"allowed_actions": []
}
],
"tenant_permissions": [],
"cluster_permissions": []
}
when I try to get data from the index it shows me job_description and name in all documents,当我尝试从索引中获取数据时,它会在所有文档中显示 job_description 和 name,
{
"took" : 237,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : 2.0,
"hits" : [
{
"_index" : "test",
"_type" : "_doc",
"_id" : "1",
"_score" : 2.0,
"_source" : {
"name" : "John",
"job_description" : "Systems administrator and Linux specialist"
}
},
{
"_index" : "test",
"_type" : "_doc",
"_id" : "2",
"_score" : 2.0,
"_source" : {
"name" : "John",
"job_description" : "Systems administrator and Linux specialist"
}
},
{
"_index" : "test",
"_type" : "_doc",
"_id" : "3",
"_score" : 2.0,
"_source" : {
"name" : "John",
"job_description" : "Systems administrator and Linux specialist"
}
}
]
}
}
but I want to see the only name in two firs records and only job_description in 3 document like that但我想在两个第一条记录中看到唯一的名字,在 3 个这样的文档中只有 job_description
{
"took" : 237,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : 2.0,
"hits" : [
{
"_index" : "test",
"_type" : "_doc",
"_id" : "1",
"_score" : 2.0,
"_source" : {
"name" : "John",
}
},
{
"_index" : "test",
"_type" : "_doc",
"_id" : "2",
"_score" : 2.0,
"_source" : {
"name" : "John",
}
},
{
"_index" : "test",
"_type" : "_doc",
"_id" : "3",
"_score" : 2.0,
"_source" : {
"job_description" : "Systems administrator and Linux specialist"
}
}
]
}
}
does anyone know how to do it?有人知道怎么做吗?
1 个解决方案
解决方案1
0 2021-04-09 17:20:43
DLS and FLS do not work in conjunction like that. DLS 和 FLS 不能这样协同工作。
DLS is used to only return back a subset of search response based on the DLS query, whereas FLS is used to only include or exclude certain fields from the search response returned from elasticsearch. DLS 用于仅根据 DLS 查询返回搜索响应的子集,而 FLS 用于仅在从 elasticsearch 返回的搜索响应中包含或排除某些字段。
All the DLS queries are combined (OR condition) and similarly all FLS input is combined (AND condition) for a user that contains multiple such configurations.对于包含多个此类配置的用户,所有 DLS 查询都被组合(OR 条件),并且类似地,所有 FLS 输入都被组合(AND 条件)。
In your case, you have two DLS and two FLS query.在您的情况下,您有两个 DLS 和两个 FLS 查询。 The two DLS queries will work as OR conditions, in your case it will return back documents matching 1,2 or 3 doc_id.这两个 DLS 查询将用作 OR 条件,在您的情况下,它将返回匹配 1,2 或 3 doc_id 的文档。 Similarly, both name and job_description will be returned back.同样, name 和 job_description 都将返回。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.