How to deny access to the index by suffix

Hello.
I need to provide access to indices like project_{random suffix}, but deny access to project_system and project_kubernetes.

This doesn’t work (the user sees records from all indices):

project:
  index_permissions:
  - allowed_actions:
    - "SGS_READ"
    index_patterns:
    - "project*"
  - allowed_actions:
    index_patterns:
    - "project_system"
    - "project_kubernetes"

Could you please assist?
We use ELK 7.10.2 and modern Search Guard plugins.

Thanks

@trautw You would want to use Permission Exclusions, see example below:

my_role_using_exclusions:
  cluster_permissions:
    - "*"
  exclude_cluster_permissions:
    - SGS_MANAGE_SNAPSHOTS
  index_permissions:
    - index_patterns:
        - "*"
      allowed_actions:
        - SGS_CRUD
  exclude_index_permissions:
    - index_patterns:
        - "secret"
      actions:
        - "*"

Ensure the sg_config.yaml has do_not_fail_on_forbidden set to true
Further details available here
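
The exclusion syntax from the reply, applied to the role in the question, as an added example that is not part of either post. The role name, pattern and SGS_READ action group come from the question; the `sg_config.dynamic` location of `do_not_fail_on_forbidden` is an assumption based on the usual Search Guard 7.x config layout.

```yaml
# Roles file (added example, not the poster's configuration)
project:
  index_permissions:
    - index_patterns:
        # Pattern from the question. It also matches names without the
        # underscore (e.g. "projects"); "project_*" would be narrower.
        - "project*"
      allowed_actions:
        - "SGS_READ"
  # Exclusions take precedence over what index_permissions grants,
  # so these two indices are denied even though "project*" matches them.
  exclude_index_permissions:
    - index_patterns:
        - "project_system"
        - "project_kubernetes"
      actions:
        - "*"
---
# sg_config fragment (assumed location of the setting: sg_config.dynamic)
sg_config:
  dynamic:
    # With this enabled, a wildcard search over "project*" returns only the
    # permitted indices instead of failing because some matches are forbidden.
    do_not_fail_on_forbidden: true
```

To check the result, search `project*` as a user mapped to this role and confirm that no hits come from project_system or project_kubernetes, then request each of those two indices directly and confirm the request is denied.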
