Example query against the .kibana index where user updated advanced settings.
audit_request_path: /.kibana_7.16.2/_update/config:7.16.2
audit_request_body: {“doc”:{“config”:{“dashboard:defaultDarkTheme”:false},“updated_at”:“2022-04-05T06:45:46.142Z”}}
Is it possible to use DLS or FLS to restrict update permissions, while not blocking update permissions to modify dashboards/visualizations?
Also the kibana docs have the ability to disable access to advanced settings… Advanced Settings | Kibana Guide [7.17] | Elastic
Is this supported by searchguard? Our official support contact has not been able to answer this question.