Elasticsearch security - possible to block _search but allow get/mget?

Is it possible to create an elasticsearch user that can do get/mget but not search? It looks like there is only elasticsearch privilege around reading, called "read", and not fine grain control. I could maybe use field filtering, but that requires platinum.

The use case I'm trying to solve for is I want to allow a user to get a document if they know the id, but not search for documents.

Maybe I just need to build a simple proxy.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.