Is it possible to exclude indices from roles?
For example, say I have the following indices:
- logstash-access-iis-[date]
- logstash-access-tomcat-[date]
- logstash-application-log4net-[date]
- logstash-application-log4j-[date]
The average user gets read access to all indices via the following role:
kibana_user:
cluster:
- monitor
indices:
- names: 'logstash-*'
privileges:
- view_index_metadata
- read
But now I'm adding a new index that I want to limit user access via a separate role to called:
- logstash-application-rabbitmq-[date]
Is there any way I can exclude this index pattern from the kibana_user
role? Or do I need to change that role to:
kibana_user:
cluster:
- monitor
indices:
- names: 'logstash-access-*'
privileges:
- view_index_metadata
- read
- names: 'logstash-application-log4net-*'
privileges:
- view_index_metadata
- read
- names: 'logstash-application-log4j-*'
privileges:
- view_index_metadata
- read