FLS restricted fields should not be visible

[PhaedrusTheGreek]

Kibana version:
4.6

Elasticsearch version:
2.4

In the screenshot here, the logged in user doesn’t have access to the “password” field due to an FLS restriction. This is not friendly, since no visualization can really be created by using this field.

May end up being resolved by #6498 if Elasticsearch can somehow provide a more accurate mapping for the logged in user.

Screenshot:

Corresponding FLS Sample:

POST test-index/tester/1
{
  "password" : "secret", 
  "title" : "public_title",
  "body" : "A message body"
}

POST /_shield/role/test_fls_role
{
  "indices": [
    {
      "names": [ ".kibana*"],
      "privileges": ["read", "view_index_metadata"]
    },
    {
      "names": [ "test-index"],
      "privileges": ["read"], 
      "fields": [ "title", "body" ]
    }
  ]
}

POST /_shield/user/es_test
{
  "password" : "es_pass", 
  "roles" : [ "test_fls_role"], 
  "full_name" : "Some Guy"
}

[Bargs]

Yeah, Kibana will definitely need a valid field list from Elasticsearch to accomplish this.

[kobelb]

If the user creating the index pattern doesn't have access to the field via FLS, they're no longer showing up.

[kobelb]

This was reported again with #34334, and I've re-opened the original issue as it applies to all consumers of index patterns.

[elasticmachine]

Pinging @elastic/kibana-app-arch

[elasticmachine]

Pinging @elastic/kibana-security

[Bargs]

A discuss user has reported that this is an issue in the KQL autocomplete and filter bar UI as well.

[mattkime]

No longer needed as field list is no longer cached - #82223 - will be released in 7.11

[legrego]

@mattkime that's fantastic, thanks for your work on this!

[kobelb]

Woo-hoo! Thanks @mattkime