Exclude indices from role?

Jakauppila · February 5, 2017, 5:56am

Is it possible to exclude indices from roles?

For example, say I have the following indices:

logstash-access-iis-[date]
logstash-access-tomcat-[date]
logstash-application-log4net-[date]
logstash-application-log4j-[date]

The average user gets read access to all indices via the following role:

kibana_user:
  cluster:
      - monitor
  indices:
    - names: 'logstash-*'
      privileges:
        - view_index_metadata
        - read

But now I'm adding a new index that I want to limit user access via a separate role to called:

logstash-application-rabbitmq-[date]

Is there any way I can exclude this index pattern from the kibana_user role? Or do I need to change that role to:

kibana_user:
  cluster:
      - monitor
  indices:
    - names: 'logstash-access-*'
      privileges:
        - view_index_metadata
        - read
    - names: 'logstash-application-log4net-*'
      privileges:
        - view_index_metadata
        - read
    - names: 'logstash-application-log4j-*'
      privileges:
        - view_index_metadata
        - read

Christian_Dahlqvist · February 5, 2017, 8:15am

As a user can have multiple roles, why not just manage this index through a separate role that you only assign to the users allowed to access it?

Jakauppila · February 5, 2017, 1:54pm

Sorry, I should have clarified; the plan is to provision access to the new index via a new role:

rabbitmq_user:
  cluster:
      - monitor
  indices:
    - names: 'logstash-application-rabbitmq-*'
      privileges:
        - view_index_metadata
        - read

But since my current role specifies - names: 'logstash-*' I believe I would have to change it to what I specified above. Just wanted to make sure there wasn't some option like this available:

kibana_user:
  cluster:
      - monitor
  indices:
    - names: 'logstash-*'
      privileges:
        - view_index_metadata
        - read
    - excludes: 'logstash-application-rabbitmq-*'

Christian_Dahlqvist · February 5, 2017, 2:07pm

You will need to change your kibana_user role to be more specific with respect to index names.

system · March 5, 2017, 2:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Exclude indices from Elastic Search role Kibana elastic-stack-security	4	2611	September 8, 2020
How to hide the index for specific user Elasticsearch	6	2463	March 6, 2018
How to prevent access to specific indexes? Elasticsearch elastic-stack-security	3	2322	July 6, 2017
Allow Kibana role to access all indices EXCEPT FOR a specific one Elasticsearch elastic-stack-security	3	932	July 14, 2023
Role Management - Access to 1 index only Elasticsearch	9	3168	June 27, 2018

Exclude indices from role?

Related topics