Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FEATURE] Extend field level security #2834

Open
sandervandegeijn opened this issue Jun 5, 2023 · 4 comments
Open

[FEATURE] Extend field level security #2834

sandervandegeijn opened this issue Jun 5, 2023 · 4 comments
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@sandervandegeijn
Copy link

sandervandegeijn commented Jun 5, 2023

Is your feature request related to a problem?
Field level security is great and essential to our integration infrastructure. Opensearch is connected to our Enterprise Service Bus to consume messages so they can be exposed through an API. A lot of the data is sensitive (personal, GDPR), so FLS provides essential functionality to filter the data a consumer of the API's can consume.

This week we ran into a problem where we came short with field level security. Consider this document:

"_source": {
    "identifier": [
      {
        "identifierCode": "AAAAAA",
        "identifierType": "Accountname"
      },
      {
        "identifierCode": "000000",
        "identifierType": "AccountIdentifier2"
      },
      {
        "identifierCode": "bla@domain.com",
        "identifierType": "userPrincipleName"
      },
      {
        "identifierCode": "blablabla@domain.com",
        "identifierType": "eduPersonPrincipalName"
      }
    ],

If we whitelist the identifier field, it will expose everything under that. What we need is a way to only serve identifierType X and filter out the rest.

What solution would you like?
Extension on the field level security to further filter the data

What alternatives have you considered?
Different data modelling, but it's not always possible. Implement a filtering proxy but then we would split the FLS-configuration over 2 solutions which is architecturally undesirable.

Do you have any additional context?
Add any other context or screenshots about the feature request here.

@sandervandegeijn sandervandegeijn added enhancement New feature or request untriaged Require the attention of the repository maintainers and may need to be prioritized labels Jun 5, 2023
@stephen-crawford
Copy link
Contributor

stephen-crawford commented Jun 5, 2023

[Triage] Hi @ict-one-nl, thank you for filing this issue. To clarify, it sounds like you are looking for a way to "slice" the fields to a more granular level. Is that correct? At the moment, there are some concerns with the integrity of returning sub-fields which have been filtered. Could you provide more context on the implementation you would like to see?

Edit: Pending your findings :)

@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Jun 5, 2023
@peternied
Copy link
Member

Capturing part of the discussion during the triage meeting. I think we should support any filtering off of the mapping definition of the index. See Index Mapping for how to look these up on an index.

If we did want to support additional filtering / logic I think it would be better supported via a different implementation such as View, see the following generic proposal

@sandervandegeijn
Copy link
Author

Tip from Andrej at the triage meeting: look into using nested fields. Will investigate.

@sandervandegeijn
Copy link
Author

sandervandegeijn commented Jun 5, 2023

Hmm, I tried a sample setup based on Andrej's suggestion:

PUT nestedtest
{
  "mappings": {
    "properties": {
      "user": {
        "type": "nested",
        "include_in_parent": true
      }
    }
  }
}

PUT nestedtest/_doc/1
{
  "group" : "fans",
  "user" : [ 
    {
      "first" : "John",
      "last" :  "Smith"
    },
    {
      "first" : "Alice",
      "last" :  "White"
    }
  ]
}

I'm not able to provide a FLS entry that would only allow me the entry under user where the name is John and not Alice. Can someone point me in the right direction? :)

To elaborate; sometimes we don't have control over what data is provided, but we need to filter out sensitive data. In the case of the first post one of the identifiers was considered sensitive data. We would like to filter the output so that only the insensitive data will be returned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Development

No branches or pull requests

3 participants