I have multiple indices : logstash-ossec-,xq and .kibana.
I want to set username “user1” can readonly to .kibana,xq,and he can’t access logstash-ossec-.
My configuration is as follows:
searchguard.authentication.authorization.settingsdb.roles.admin: [“root”]
searchguard.authentication.authorization.settingsdb.roles.user1: [“readonly”]
searchguard.actionrequestfilter.names: [“readonly”]
searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:data/read/*”, “indices:admin/get”,“cluster:monitor/nodes/info”]
searchguard.actionrequestfilter.readonly.forbidden_actions: [“indices:data/write/*”]
{“acl”: [
{
“Comment”: “By default no filters are executed and no filters a by-passed. In such a case a exception is throws an access will be denied.”,
“filters_bypass”: ,
“filters_execute”: [“*”]
},
{
“Comment”: “This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything”,
“roles”: [
“root”
],
“filters_bypass”: [“*”],
“filters_execute”:
},
{
“Comment”: “This means any user with the role starfleet or command can do anything with the starfleetinfos index”,
“roles” : [“root”],
“indices”: [“logstash-ossec-*”],
“filters_bypass”: ,
“filters_execute”: [“*”]
},
{
“Comment”: “This means any user with the role starfleet or command can do anything with the starfleetinfos index”,
“roles” : [“readonly”],
“indices”: [“xq”,“.kibana”],
“filters_bypass”: ,
“filters_execute”: [“readonly”]
}
]}
As this, it can be readonly to .kibana,xq.But it is able to read logstash-ossec-*.
I tried many times without success.
Thanks !!!