Invalid role definition in roles file . document and field level security is not – How to solve related issues

Opster Team

Jan-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” Invalid role definition in roles file . document and field level security is not ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: discovery-file and plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up to analyze Elasticsearch configuration and help resolve this error.

Log Context

Log “Invalid role definition [{}] in roles file [{}]. document and field level security is not” classname is FileRolesStore.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

         String roleName = descriptor.getName();
        // first check if FLS/DLS is enabled on the role...
        for (RoleDescriptor.IndicesPrivileges privilege : descriptor.getIndicesPrivileges()) {
            if ((privilege.getQuery() != null || privilege.getGrantedFields() != null || privilege.getDeniedFields() != null)
                    && XPackSettings.DLS_FLS_ENABLED.get(settings) == false) {
                logger.error("invalid role definition [{}] in roles file [{}]. document and field level security is not " +
                        "enabled. set [{}] to [true] in the configuration file. skipping role..."; roleName; path
                        .toAbsolutePath(); XPackSettings.DLS_FLS_ENABLED.getKey());
                return null;
            }
        }




 

Watch product tour

Watch how AutoOps finds & fixes Elasticsearch problems

Analyze Your Cluster
Skip to content