Challenge - 5 Problems
Elasticsearch Security Master
❓ Predict Output
intermediate
What is the output of this Elasticsearch query with field level security?
Given the following role definition that restricts access to only the title and author fields, what fields will be returned in the search results?
{
  "indices": [
    {
      "names": ["books"],
      "privileges": ["read"],
      "field_security": {
        "grant": ["title", "author"]
      }
    }
  ]
}
Search query:
GET /books/_search
{
  "query": { "match_all": {} }
}
💡 Hint
Field level security controls which fields are visible in the search results.
Explanation
The role restricts access to only the title and author fields, so only these fields appear in the search results regardless of the query.
❓ Predict Output
intermediate
What documents are returned with this document level security query?
Given a role with document level security defined as { "term": { "status": "published" } }, what documents will the user see when running GET /articles/_search?
{
  "indices": [
    {
      "names": ["articles"],
      "privileges": ["read"],
      "query": {
        "term": { "status": "published" }
      }
    }
  ]
}
Search query:
GET /articles/_search
{
  "query": { "match_all": {} }
}
💡 Hint
Document level security filters documents based on the query in the role.
Explanation
The role's document level security query restricts access to only documents where status is published, so only those documents appear in results.
🔧 Debug
advanced
Why does this role not restrict access to the salary field as expected?
A role is defined to deny access to the salary field using except in field level security, but users still see the salary field in search results. What is the likely cause?
{
  "indices": [
    {
      "names": ["employees"],
      "privileges": ["read"],
      "field_security": {
        "except": ["salary"]
      }
    }
  ]
}
💡 Hint
Check the official Elasticsearch documentation for supported field security parameters.
Explanation
Elasticsearch field level security supports only the grant parameter to specify allowed fields. The except parameter is not valid, so it is ignored and all fields are returned.
📝 Syntax
advanced
Which role definition syntax correctly applies document level security to only show documents with department equal to sales?
Choose the correct JSON snippet for the role's indices section to enforce this document level security.
💡 Hint
Document level security uses the query field inside the indices section.
Explanation
The correct syntax uses the query key with a valid Elasticsearch query. Option B uses term query correctly. Option B uses an invalid key. Option B uses an unsupported key. Option B uses match which is valid but less precise than term for exact matches.
🚀 Application
expert
How to combine field and document level security to restrict access to salary field and only active employees?
You want to create a role that:
- Allows reading only name and position fields (hide salary)
- Shows only documents where status is active
Which role definition correctly implements both restrictions?
💡 Hint
Use grant for allowed fields and query for document filtering.
Explanation
Option A correctly grants only name and position fields and filters documents with status equal to active. Option A uses unsupported except. Option A grants salary which should be hidden. Option A filters for inactive status, which is incorrect.