Exclude user access using regular expressions in kibana

Shivani_Hadke · January 10, 2023, 12:37pm

I would like to exclude only a particular index and have access to rest of all indexes in a cluster.

Right now, I'm adding every index by clicking on it and in roles and it is a hectic task to do just to exclude one index in the permissions.

Is there a way I can do this excluding using regular expressions. If yes, can I give it in kibana roles?

Thanks in advance.

Please guide me to find a solution.

dadiasish · January 10, 2023, 12:40pm

Hi,

Yes there is a possibility. Go through the below documentation for reference.

`ANYSTRING`

Enables the `@` operator. You can use `@` to match any entire string.

You can combine the `@` operator with `&` and `~` operators to create an "everything except" logic. For example:

@&~(abc.+) # matches everything except terms beginning with 'abc'

You can use the below format in Dev Tools to exclude only a particular regex and give access to rest all.

{
  "cluster": ["all"],
  "indices": [
    {
      "names": ["/@&~(abcde.+)/"],
      "privileges": ["all"],
      "allow_restricted_indices" : false
    }
  ]

In names, give the index name in place of "abcde" and only that index is excluded to access.

Shivani_Hadke · January 10, 2023, 12:44pm

Do I need to do this in dev tools?

Should I directly give this. Sorry please guide me as I'm new in doing this.

It would be great if you provide me with an example.

dadiasish · January 10, 2023, 12:45pm

This is just an example, you need to alter according to your requirement on what you need to enable in the access.

Below is an example:

POST _security/role/sample_role
{
  "cluster": ["all"],
  "indices": [
    {
      "names": ["/@&~(abcde.+)/"],
      "privileges": ["all"],
      "allow_restricted_indices" : false
    }
  ],
  "applications" : [
      {
        "application" : "kibana-.kibana",
        "privileges" : [
          "feature_discover.all",
          "feature_dashboard.all",
          "feature_canvas.all",
          "feature_maps.read",
          "feature_visualize.all",
          "feature_logs.all",
          "feature_infrastructure.all",
          "feature_apm.read",
          "feature_uptime.all",
          "feature_siem.read",
          "feature_dev_tools.all",
          "feature_advancedSettings.read",
          "feature_indexPatterns.all",
          "feature_savedObjectsManagement.read",
          "feature_fleet.all"
        ],
        "resources" : [
          "space:default"
        ]
      }
    ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
}

Shivani_Hadke · January 10, 2023, 12:45pm

Thanks a lot. Let me try.

system · February 7, 2023, 12:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Allow Kibana role to access all indices EXCEPT FOR a specific one Elasticsearch elastic-stack-security	3	703	July 14, 2023
Exclude indices from Elastic Search role Kibana elastic-stack-security	4	2283	September 8, 2020
Exclude indices from role? Elasticsearch	4	1592	March 5, 2017
Exclude pattern for position Kibana	8	3753	July 12, 2017
Index privilege syntax : all indices except one Kibana	9	1754	April 1, 2020

Exclude user access using regular expressions in kibana

Related Topics