Briefly, this error occurs when there is an incorrect configuration in the roles file of Elasticsearch. This could be due to syntax errors or unsupported settings, particularly related to document and field level security. To resolve this issue, you should first check the roles file for any syntax errors or unsupported settings. Ensure that the role definitions are correctly formatted and that all necessary fields are included. If the error persists, you may need to update your Elasticsearch version as some features may not be supported in older versions.
This guide will help you check for common problems that cause the log ” invalid role definition [{}] in roles file [{}]. document and field level security is not ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “invalid role definition [{}] in roles file [{}]. document and field level security is not ” classname is FileRolesStore.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
NamedXContentRegistry xContentRegistry) {
String roleName = descriptor.getName();
// first check if FLS/DLS is enabled on the role...
if (descriptor.isUsingDocumentOrFieldLevelSecurity()) {
if (XPackSettings.DLS_FLS_ENABLED.get(settings) == false) {
logger.error("invalid role definition [{}] in roles file [{}]. document and field level security is not " +
"enabled. set [{}] to [true] in the configuration file. skipping role..."; roleName; path
.toAbsolutePath(); XPackSettings.DLS_FLS_ENABLED.getKey());
return null;
} else if (xContentRegistry != null) {
try {
