Hi, I have 20 indices. These indices has different naming convention. I am trying to define a ES role where a user can have access to 19 indices except one.
I can define a role and mention all 19 indices in the role one by one. But is there any way to exclude a single index from the role instead of mentioning all 19 one by one. Thanks
Welcome to our community! 
There's not, no. It sounds like a great feature request if you would like to raise it on GitHub.
This is possible today, but it's not very friendly.
An index name pattern within a role can use a Lucene regular expression. Lucene regex can do complements, which allows you to do what you're asking, but it's an ugly syntax.
If you want a role that grants access to everything except the fooble or woz indices, then you would define:
{
"indices": [
{
"names": [
"/~(fooble|woz)/"
],
"privileges": [ "all" ]
}
]
}
See also: https://github.com/elastic/elasticsearch/issues/29907
Oh, neat. Thanks for sharing that 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.