How to allow access to all indices except one?

  • Search Guard and Elasticsearch version - 5.2.2

  • JVM version and operating system version - 1.8.0_191, Ubuntu 16.04.2 LTS

  • Search Guard configuration files

I’ve tried several regular expressions, for example:

sg_roles.yml:

sg_test:
  cluster:
    - CLUSTER_MONITOR
  indices:
    '/^((?!sensitive_data).)*$/':
      '*':
        - READ

sg_roles_mapping.yml:

sg_test:
  users:
    - user

$ curl -k -XGET -u user:* 'https://localhost:9200/test_data/_search'

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for indices:data/read/search"}],"type":"security_exception","reason":"no permissions for indices:data/read/search"},"status":403}

The approach is correct, but at the moment dots are not allowed in YAML keys.

Instead of:

'/^((?!sensitive_data).)*$/'

Can you try:

'/^((?!sensitive_data)(\S|\s))*$/'
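
To see exactly which index names the suggested pattern grants and which it withholds, here is an added check (my own code, not part of this thread or of Search Guard) that runs both regexes from the thread against constructed index names with Python's re module; Java's regex engine, which Search Guard uses, handles negative lookahead, \S and \s the same way. The third pattern, EXACT_NAME_PATTERN, is my addition: it excludes only the index named exactly sensitive_data, whereas the thread's pattern also denies any index whose name merely contains that substring.

```python
import re

# The two index patterns from the thread, without the surrounding /.../ that
# marks a Search Guard key as a regular expression rather than a literal name.
DOT_PATTERN = re.compile(r"^((?!sensitive_data).)*$")
NO_DOT_PATTERN = re.compile(r"^((?!sensitive_data)(\S|\s))*$")

# Added variant (not from the thread): the negative lookahead is anchored with
# `$`, so only the index named exactly "sensitive_data" is excluded; names that
# merely contain that substring are still granted. No `.` appears in the key.
EXACT_NAME_PATTERN = re.compile(r"^(?!sensitive_data$)(\S|\s)+$")

# Constructed sample index names, chosen to exercise the edge cases.
SAMPLE_INDICES = [
    "test_data",
    "logs-2018.12.03",
    "sensitive_data",
    "sensitive_data-archive",
    "backup_of_sensitive_data",
    "sensitive",
]


def allowed_indices(pattern, names):
    """Return the index names on which the role would grant READ."""
    # The lookahead is re-tested at every character position, so a name that
    # contains the excluded substring anywhere can never reach the final `$`.
    return [name for name in names if pattern.match(name)]


def patterns_agree(names):
    r"""True if the `.` form and the `(\S|\s)` form accept the same names."""
    return allowed_indices(DOT_PATTERN, names) == allowed_indices(NO_DOT_PATTERN, names)


if __name__ == "__main__":
    for label, pattern in [("dot", DOT_PATTERN), ("no-dot", NO_DOT_PATTERN),
                           ("exact-name", EXACT_NAME_PATTERN)]:
        print(f"{label:>10}: {allowed_indices(pattern, SAMPLE_INDICES)}")
    print("dot and no-dot agree:", patterns_agree(SAMPLE_INDICES))
```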


On Friday, November 30, 2018 at 1:31:26 PM UTC+1, Maxim Nasonov wrote:


Thank you Jochen. Works like a charm.


On Monday, December 3, 2018 at 6:02:51 PM UTC+7, Jochen Kressin wrote:


Perfect! Glad it worked!


On Tuesday, December 4, 2018 at 1:43:42 AM UTC+1, Maxim Nasonov wrote:
