Set multiple indices ACL but can't work with both of them

I have multiple indices: logstash-ossec-*, xq and .kibana.
I want the user "user1" to have read-only access to .kibana and xq, and no access to logstash-ossec-*.

My configuration is as follows:

    searchguard.authentication.authorization.settingsdb.roles.admin: ["root"]
    searchguard.authentication.authorization.settingsdb.roles.user1: ["readonly"]
    searchguard.actionrequestfilter.names: ["readonly"]
    searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "indices:admin/get", "cluster:monitor/nodes/info"]
    searchguard.actionrequestfilter.readonly.forbidden_actions: ["indices:data/write/*"]

    {"acl": [
      {
        "__Comment__": "By default no filters are executed and no filters a by-passed. In such a case a exception is throws an access will be denied.",
        "filters_bypass": [],
        "filters_execute": ["*"]
      },
      {
        "__Comment__": "This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything",
        "roles": ["root"],
        "filters_bypass": ["*"],
        "filters_execute": []
      },
      {
        "__Comment__": "This means any user with the role starfleet or command can do anything with the starfleetinfos index",
        "roles": ["root"],
        "indices": ["logstash-ossec-*"],
        "filters_bypass": [],
        "filters_execute": ["*"]
      },
      {
        "__Comment__": "This means any user with the role starfleet or command can do anything with the starfleetinfos index",
        "roles": ["readonly"],
        "indices": ["xq", ".kibana"],
        "filters_bypass": [],
        "filters_execute": ["readonly"]
      }
    ]}

With this, it is read-only on .kibana and xq, but it is able to read logstash-ossec-*.

I tried many times without success.

Thanks !!!
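An added check, not part of the original post and not Search Guard code: it lints the ACL above for an unscoped rule whose filter lists are not both empty (the rule's own comment says only that empty state denies access) and lists which rules' scopes cover a role/index pair. The glob matching, the function names and the dated index name are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed input: the four ACL rules from the post, comment keys omitted.
ACL_JSON = """{"acl": [
 {"filters_bypass": [], "filters_execute": ["*"]},
 {"roles": ["root"], "filters_bypass": ["*"], "filters_execute": []},
 {"roles": ["root"], "indices": ["logstash-ossec-*"],
  "filters_bypass": [], "filters_execute": ["*"]},
 {"roles": ["readonly"], "indices": ["xq", ".kibana"],
  "filters_bypass": [], "filters_execute": ["readonly"]}
]}"""

FILTER_KEYS = ("filters_bypass", "filters_execute")


def scope_of(rule):
    """Keys that narrow a rule: everything except filter lists and comments."""
    return {k: v for k, v in rule.items()
            if k not in FILTER_KEYS and "comment" not in k.lower()}


def open_default_rules(acl):
    """Indexes of unscoped rules whose filter lists are not both empty.

    Per the default rule's own comment, access is denied only when no
    filter is executed and no filter is bypassed.
    """
    return [i for i, rule in enumerate(acl)
            if not scope_of(rule) and any(rule.get(k) for k in FILTER_KEYS)]


def rules_covering(acl, role, index):
    """Simplified scope match (an assumption, not Search Guard's evaluator):
    a rule covers a request when every scope list it has matches by glob."""
    hits = []
    for i, rule in enumerate(acl):
        roles, indices = rule.get("roles"), rule.get("indices")
        role_ok = roles is None or any(fnmatchcase(role, p) for p in roles)
        index_ok = indices is None or any(fnmatchcase(index, p) for p in indices)
        if role_ok and index_ok:
            hits.append(i)
    return hits


acl = json.loads(ACL_JSON)["acl"]
if __name__ == "__main__":
    print("open default rules:", open_default_rules(acl))
    for idx in ("xq", ".kibana", "logstash-ossec-2015.08.11"):  # constructed names
        print("readonly ->", idx, "rules", rules_covering(acl, "readonly", idx))
```

For the ACL as posted, the lint reports rule 0, and a readonly request for a logstash-ossec index is covered by that unscoped rule alone.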

Are there some bugs?

On Tuesday, August 11, 2015 at 12:19:22 PM UTC+8, kangji…@gmail.com wrote:
