Hello.
I need to provide access to indices like project_{random suffix}, but deny access to project_system and project_kubernetes
This doesn’t work (user see records from all indices):
project:
index_permissions:
- allowed_actions:
- "SGS_READ"
index_patterns:
- "project*"
- allowed_actions:
index_patterns:
- "project_system"
- "project_kubernetes"
Could you please assist?
We use elk 7.10.2 and modern SearchGuard plugins.
Thanks