I have a sensitive index which I have restricted access to a limited number of users, Is it possible to also restrict access to the index for admin users?
Let me rephrase to see whether I understand your requirements correctly:
When you say “admin user”, I assume this is a user that has access to all indices in your cluster. Most likely you have defined “" as index pattern and maybe also "” for the permissions. This means the user has full access to all indices.
Now you have one index with very sensitive data. And you want to exclude this (and only this) index from the admin role. So you need a role like “access to all indices, but not this one”.
If I understood this correctly then you can use the
exclude_index_permission feature for your role definition. Have a look at this section in the docs which has an example how to achieve exactly that:
Yes that’s correct.
Great thanks for your help, I’ll take a look at the examples provided.