I am trying to set up giving some users access only to certain index patterns (and eventually queries) using roles in Shield. I have successfully set up a 'read_only' role that is able to use Kibana, see code below:
readonly: cluster: - cluster:monitor/nodes/info - cluster:monitor/health indices: '*': - indices:admin/mappings/fields/get - indices:admin/validate/query - indices:data/read/search - indices:data/read/msearch - indices:admin/get '.kibana': - indices:admin/exists - indices:admin/mapping/put - indices:admin/mappings/fields/get - indices:admin/refresh - indices:admin/validate/query - indices:data/read/get - indices:data/read/mget - indices:data/read/search - indices:data/write/delete - indices:data/write/index - indices:data/write/update - indices:admin/create
However when I change '*' to my index pattern it fails, giving me the error:
Discover: [security_exception] action [indices:data/read/msearch] is unauthorized for user [test]
Even after I add
'.kibana' (which it doesn't appear to need for my read-only role) it continues to give me the same error.