Doubts about sg_roles.yml

Hi friends,

I'm beginning to work with Elasticsearch, and I have some doubts about the configuration of the sg_roles.yml file and permissions in general:

I need to provide access to different people; for example, I have set up a user that can access indices.

With this role I can have access from Kibana to her logs.

The user can:

  • create indices
  • create visualizations
  • read her logs.

and I only need that

the user can't:

  • remove indices
  • create indices
  • set advanced settings

sg_own_index:
  readonly: true
  cluster:
    - CLUSTER_COMPOSITE_OPS_RO
    - indices:admin/aliases*
    - indices:data/write/reindex
    - indices:data/write/bulk
  indices:
    'logger-${user_name}':
      '*':
        - indices:data/write/bulk
        - READ
    '?kibana':
      '*':
        - indices:data/write/index
        - indices:data/write/update
        - indices:admin/mapping/put
        - READ
    '?kibana-6':
      '*':
        - indices:data/write/index
        - indices:data/write/update
        - indices:admin/mapping/put
        - READ
    '*':
      '*':
        - indices:data/read/field_caps*

I have another question: what is the meaning of '?kibana' or 'kibana6'?

I can´t some guide of how can set the role?

For example, I need to know what this line does: - indices:data/write/index

Regards, and thanks

When asking questions, please provide the following information:

  • Docker stack

  • Search Guard and Elasticsearch version 6.3.0

I think you are confusing Elasticsearch indices with Kibana index-patterns and other Kibana functionality.

Index patterns, visualizations, dashboards etc. are stored in one Kibana index, called “.kibana” or, when migrating from 5 → 6, “.kibana6”. Any Kibana user needs to be able to read/write this index. Since all of the Kibana objects are stored in this one index, there is no way (as of now) to control which of these objects a user can access. In other words, it’s not possible to control access at the Kibana saved-objects level. The advanced settings are also a Kibana feature which cannot be controlled at the ES/SG level.

On Monday, September 24, 2018 at 1:28:15 PM UTC+2, satdanielglez@gmail.com wrote:
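Added example, not part of either post and not Search Guard's own code: a simplified Python model of how the index section of the sg_own_index role above resolves, with '?' matching one character (so '?kibana' covers '.kibana') and '*' matching any run. It assumes the READ action group expands to the two patterns shown (check your own sg_action_groups.yml), ignores the cluster-level permissions and the document-type level, and uses a hypothetical user "alice" with constructed requests.

```python
import re

# Assumed expansion of the READ action group; verify against your sg_action_groups.yml.
ACTION_GROUPS = {"READ": ["indices:data/read*", "indices:admin/mappings/fields/get*"]}

KIBANA_PERMS = ["indices:data/write/index", "indices:data/write/update",
                "indices:admin/mapping/put", "READ"]

# Index section of the sg_own_index role from the question (document-type level omitted).
ROLE_INDICES = {
    "logger-${user_name}": ["indices:data/write/bulk", "READ"],
    "?kibana": KIBANA_PERMS,
    "?kibana-6": KIBANA_PERMS,
    "*": ["indices:data/read/field_caps*"],
}

def wildcard_match(pattern, value):
    """'*' matches any run of characters, '?' exactly one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def expand(perms):
    """Replace action-group names with the action patterns they stand for."""
    return [p for perm in perms for p in ACTION_GROUPS.get(perm, [perm])]

def is_allowed(user, index, action):
    """True if any index pattern matching `index` grants a pattern matching `action`."""
    for index_pattern, perms in ROLE_INDICES.items():
        resolved = index_pattern.replace("${user_name}", user)
        if wildcard_match(resolved, index) and any(
                wildcard_match(p, action) for p in expand(perms)):
            return True
    return False

if __name__ == "__main__":
    # Constructed requests for a hypothetical user "alice".
    for index, action in [
        (".kibana", "indices:data/write/index"),       # save a Kibana object
        ("logger-alice", "indices:data/read/search"),  # read own logs
        ("logger-bob", "indices:data/read/search"),    # read someone else's logs
        ("logger-alice", "indices:admin/create"),      # create an index
        ("logger-alice", "indices:admin/delete"),      # delete an index
    ]:
        verdict = "ALLOW" if is_allowed("alice", index, action) else "DENY"
        print(f"{verdict:5}  {index:13} {action}")
```

In this model the index section grants no index creation or deletion, while every user holding the role can write documents to the shared .kibana index, which is the limitation the reply describes.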