Prevent access for users with DLS/FLS to the failure store #124634
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Failure store collects ingestion and mapping related failures when documents are written to a data stream. Indexing can fail and be captured in the failure store at any point in the ingest process. The fields may not have been dropped or sanitized during ingestion processing, or the document may not be in the form expected by document/field-level security rules, either of which may lead to the document exposing sensitive information that would otherwise not be exposed if the document was successfully processed and ingested. Since the DLS/FLS may not be applicable in the expected way, we here prevent access to the failure store for all users that have DLS/FLS restrictions.
slobodanadamovic
added
>non-issue
:Security/Security
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Failure store collects ingestion and mapping related failures when documents are written to a data stream. Indexing can fail and be captured in the failure store at any point in the ingest process.
The fields may not have been dropped or sanitized during ingestion processing, or the document may not be in the form expected by document/field-level security rules, either of which may lead to the document exposing sensitive information that would otherwise not be exposed if the document was successfully processed and ingested.
Since the DLS/FLS may not be applicable in the expected way, we here prevent access to the failure store for all users that have DLS/FLS restrictions.