We’re looking at the possibility of implementing a sort of ELK hotel service at our corporation using Search Guard for ACLs etc.
For this we give our users access to the index patterns of say ‘user-*’. However we recently discovered a potential issue with aliases.
If user1 has indices with dates, such as user1-applicationname-2017.09.27, then user2 could potentially sabotage for user1 by creating the index user2-test with the alias applicationname-2017.09.28, which would lead to user1’s application not being able to create the new index at midnight.
To get around this we tried to create an action group with minimum rights, but it seems that as soon as a group has indices:admin/create they can create aliases, and obviously denying that right won’t let them create indexes to begin with.
Is there any way to get around this?
Either by disallowing rights to alias actions or by separating indexes and aliases in sg_roles.yml or something?
Our sg_action_groups.yml looks like this:
sg_roles.yml looks like this:
#password is: xxxxxxxxxxxxxx
Any help would be highly appreciated.
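An added example, not part of the original post and not Search Guard code: a small audit over the JSON that Elasticsearch returns for `GET /_alias`, flagging aliases that sit outside the namespace of the index they point to and checking whether a planned index name is already taken by an alias. It assumes the tenant is the text before the first `-` in a name; the sample response and the function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like the body of GET /_alias:
# {index_name: {"aliases": {alias_name: {...}}}}
SAMPLE_ALIAS_RESPONSE = json.loads("""
{
  "user1-applicationname-2017.09.26": {"aliases": {"user1-applicationname-current": {}}},
  "user1-applicationname-2017.09.27": {"aliases": {}},
  "user2-test": {"aliases": {"applicationname-2017.09.28": {}}},
  "user3-logs": {"aliases": {"user1-applicationname-2017.09.29": {}}}
}
""")

def tenant_of(name):
    """Assumption: the tenant is everything before the first '-'."""
    head, sep, _ = name.partition("-")
    return head if sep else None

def audit_aliases(alias_response):
    """Return aliases whose namespace differs from their backing index's tenant."""
    tenants = {tenant_of(index) for index in alias_response}
    findings = []
    for index, body in sorted(alias_response.items()):
        owner = tenant_of(index)
        for alias in sorted(body.get("aliases", {})):
            namespace = tenant_of(alias)
            if namespace != owner:
                findings.append({
                    "index": index,
                    "alias": alias,
                    "owner": owner,
                    # Set when the alias lands in another known tenant's namespace.
                    "affected_tenant": namespace if namespace in tenants else None,
                })
    return findings

def alias_blocking(alias_response, planned_index):
    """Return the index whose alias already occupies planned_index, else None.
    An index cannot be created under a name that exists as an alias."""
    for index, body in alias_response.items():
        if planned_index in body.get("aliases", {}):
            return index
    return None

if __name__ == "__main__":
    for finding in audit_aliases(SAMPLE_ALIAS_RESPONSE):
        print(finding)
    print(alias_blocking(SAMPLE_ALIAS_RESPONSE, "user1-applicationname-2017.09.29"))
```

Run on a schedule against the real `GET /_alias` output, the same check can alert before the midnight rollover rather than after index creation fails.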