Class UpdateRequestInterceptor

java.lang.Object
org.elasticsearch.xpack.security.authz.interceptor.UpdateRequestInterceptor
All Implemented Interfaces:
RequestInterceptor

public class UpdateRequestInterceptor extends Object
A request interceptor that fails update request if field or document level security is enabled.

It can be dangerous for users if document where to be update via a role that has fls or dls enabled, because only the fields that a role can see would be used to perform the update and without knowing the user may remove the other fields, not visible for him, from the document being updated.