I am new to the ELK stack and I am trying to find a built-in role that could allow a user to create and delete their own indexes but restricted to deleting others' indexes (read-only). Is there any specific role that has these privileges? I went through this Built-in roles | Elasticsearch Guide [8.12] | Elastic and couldn't find any.
I don't think there any specific in Elasticsearch that would do that.
You can create a custom role to do what you want, but you will also need that each user index uses a prefix or sufix so this can be added to the role, which also means that you will need one role per user.
For example, your users would need to use index like this: username-index-name or index-name-username, then you would create a role that gives full access to the index username-* for the specific user.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.