Exclude indices from Elastic Search role

Hi, I have 20 indices. These indices has different naming convention. I am trying to define a ES role where a user can have access to 19 indices except one.
I can define a role and mention all 19 indices in the role one by one. But is there any way to exclude a single index from the role instead of mentioning all 19 one by one. Thanks

Welcome to our community! :smiley:

There's not, no. It sounds like a great feature request if you would like to raise it on GitHub.

This is possible today, but it's not very friendly.

An index name pattern within a role can use a Lucene regular expression. Lucene regex can do complements, which allows you to do what you're asking, but it's an ugly syntax.

If you want a role that grants access to everything except the fooble or woz indices, then you would define:

{
  "indices": [
    {
      "names": [
        "/~(fooble|woz)/"
      ],
      "privileges": [ "all" ]
    }
  ]
}

See also: https://github.com/elastic/elasticsearch/issues/29907

Oh, neat. Thanks for sharing that :smiley:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.