diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractor.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractor.java
index 28aa7c69a01..a19f1029d64 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractor.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractor.java
@@ -5,6 +5,7 @@
  */
 package org.elasticsearch.xpack.security.authz.accesscontrol;
 
+import org.apache.lucene.index.PrefixCodedTerms.TermIterator;
 import org.apache.lucene.search.BooleanClause;
 import org.apache.lucene.search.BooleanQuery;
 import org.apache.lucene.search.DisjunctionMaxQuery;
@@ -19,6 +20,7 @@ import org.apache.lucene.search.PointInSetQuery;
 import org.apache.lucene.search.PointRangeQuery;
 import org.apache.lucene.search.Query;
 import org.apache.lucene.search.SynonymQuery;
+import org.apache.lucene.search.TermInSetQuery;
 import org.apache.lucene.search.TermQuery;
 import org.apache.lucene.search.Weight;
 import org.apache.lucene.search.spans.SpanTermQuery;
@@ -88,6 +90,14 @@ class FieldExtractor {
             } catch (UnsupportedOperationException e) {
                 extractFields(((IndexOrDocValuesQuery) query).getIndexQuery(), fields);
             }
+        } else if (query instanceof TermInSetQuery) {
+            // TermInSetQuery#field is inaccessible
+            TermInSetQuery termInSetQuery = (TermInSetQuery) query;
+            TermIterator termIterator = termInSetQuery.getTermData().iterator();
+            // there should only be one field
+            if (termIterator.next() != null) {
+                fields.add(termIterator.field());
+            }
         } else if (query instanceof MatchAllDocsQuery) {
             // no field
         } else if (query instanceof MatchNoDocsQuery) {
diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractorTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractorTests.java
index aca79f831d7..4f8a54f8678 100644
--- a/plugin/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractorTests.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldExtractorTests.java
@@ -21,8 +21,10 @@ import org.apache.lucene.search.MultiPhraseQuery;
 import org.apache.lucene.search.PhraseQuery;
 import org.apache.lucene.search.Query;
 import org.apache.lucene.search.SynonymQuery;
+import org.apache.lucene.search.TermInSetQuery;
 import org.apache.lucene.search.TermQuery;
 import org.apache.lucene.search.spans.SpanTermQuery;
+import org.apache.lucene.util.BytesRef;
 import org.elasticsearch.test.ESTestCase;
 
 import java.util.Arrays;
@@ -113,6 +115,12 @@ public class FieldExtractorTests extends ESTestCase {
         assertEquals(asSet("foo"), fields);
     }
     
+    public void testTermInSet() {
+        Set<String> fields = new HashSet<>();
+        FieldExtractor.extractFields(new TermInSetQuery("foo", new BytesRef("baz"), new BytesRef("baz2")), fields);
+        assertEquals(asSet("foo"), fields);
+    }
+
     public void testMatchAllDocs() {
         Set<String> fields = new HashSet<>();
         FieldExtractor.extractFields(new MatchAllDocsQuery(), fields);