Let me start by saying that I am not a Search Guard expert; I started using it a few weeks ago. However, I think I know what’s wrong with your config.
The role definition structure is:
    <sg_role_name>:
      cluster:
        - '<action group or single permission>'
        - ...
      indices:
        '<indexname or alias>':
          '<document type>':
            - '<action group or single permission>'
            - ...
Looking at your “?kibana” section, you wrote “nginx-*” as the document type, which is not the type but the name of an index pattern; the type is actually 'index-pattern' (you can see it by doing a simple query: “GET .kibana/index-pattern/_search”). You will see that you have multiple entries of the index-pattern type, one for each pattern you configured. With this explanation in mind, what you want to do is actually restrict access at the document level (a user should be able to see only a specific document of the “.kibana” index), and this, I think, is an Enterprise feature (see https://floragunn.com/).
Summarizing, your config is not correct for what you want to achieve, and you cannot do what you want to do with the free version of Search Guard.
Please do not take this as the oracle truth; I am just a user, and not even for a very long time.
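The role structure described in the post above, filled in as an added example (not taken from the thread, the original poster's config, or the Search Guard documentation). The role names are hypothetical, the first role is a constructed guess at the kind of mistake described, and READ and CLUSTER_COMPOSITE_OPS_RO are assumed to be action groups defined in your sg_action_groups.yml.

```yaml
# Constructed example; role names and action groups are assumptions.

# Misplaced key: 'nginx-*' sits at the document-type level of '?kibana'.
# Per the post, the type in .kibana is 'index-pattern', so a type
# pattern of 'nginx-*' matches no document type in that index.
sg_nginx_reader_wrong:
  cluster:
    - CLUSTER_COMPOSITE_OPS_RO
  indices:
    '?kibana':
      'nginx-*':
        - READ

# Same intent written against the structure from the post:
# index name first, then document type, then permissions.
sg_nginx_reader:
  cluster:
    - CLUSTER_COMPOSITE_OPS_RO
  indices:
    'nginx-*':            # index name or alias level
      '*':                # document-type level: all types
        - READ
    '?kibana':
      'index-pattern':    # the type that holds every saved index pattern
        - READ
```

The second role grants read access to all documents of type index-pattern, not to one pattern only; narrowing it to a single document is the document-level restriction the post refers to.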
Thanks for the reply. I definitely got the wrong end of the stick with the kibana reference; I am still battling with this. Thankfully I am in contact with a support team to guide me through it; when I find my answer I will post it here.
On Monday, 9 October 2017 11:59:25 UTC+1, Alessandro Puccetti wrote:
Hi Antony,
Let me start by saying that I am not a Search Guard expert; I started using it a few weeks ago. However, I think I know what’s wrong with your config.
The role definition structure is:
    <sg_role_name>:
      cluster:
        - '<action group or single permission>'
        - ...
      indices:
        '<indexname or alias>':
          '<document type>':
            - '<action group or single permission>'
            - ...
Looking at your “?kibana” section, you wrote “nginx-*” as the document type, which is not the type but the name of an index pattern; the type is actually 'index-pattern' (you can see it by doing a simple query: “GET .kibana/index-pattern/_search”). You will see that you have multiple entries of the index-pattern type, one for each pattern you configured. With this explanation in mind, what you want to do is actually restrict access at the document level (a user should be able to see only a specific document of the “.kibana” index), and this, I think, is an Enterprise feature (see https://floragunn.com/).
Summarizing, your config is not correct for what you want to achieve, and you cannot do what you want to do with the free version of Search Guard.
Please do not take this as the oracle truth; I am just a user, and not even for a very long time.