Does "Index Privileges" really work?

The latest ELK 5.3.2 with X-Pack.
I'm trying to use "Index Privileges" for configure per-index user access.
But as far as I use any wildcard except "", user has no access at all. I.e. I'd like to define a role with access to "logstash-nginx-" indices.
Did I miss something?

TIA, Vitaly

Are the indices named with a time-based convention? For example, logstash-nginx-2017-05-05, logstash-nginx-2017-05-04, etc?

If so, when you configure the role, you will need to specify an index pattern.

If we were creating this role in the Kibana UI Management page, and the indices we want access to are tweets-*, then it would look like:

That same configuration done as a curl request would look like:

curl -H 'Content-Type:application/json' -XPOST -uelastic:changeme 'http://localhost:9200/_xpack/security/role/tweet_reader' -d '{
  "indices": [ { "names": [ "tweets-*" ], "privileges": [ "read" ]  } ]
}'

When you add this role to a user, if you want that user to be able to use Kibana, that user also needs to have the kibana_user role.

1 Like

Are the indices named with a time-based convention?
Yes, and I configured a few indix termplates in Kibana management.
If we were creating this role in the Kibana UI Management page
Yes, I used Kibana for manage users/roles.

Tim, many thanks for your answer, I'll re-check my configuration soon.
Vitaly

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.