Hello,
I want grant my new user read only privilege on all indices except one. I don't understand how I can write the query in KQL (I don't use Lucene) :
Is it possible ? How ?
Hello,
I want grant my new user read only privilege on all indices except one. I don't understand how I can write the query in KQL (I don't use Lucene) :
Is it possible ? How ?
Which version of the Elastic stack are you running?
A role can have multiple Index privileges. Simply create a 'read' privilege on *
and create an additional index priv for the specific index.
It's Kibana 7.6. So if I have a read privilege on *, I can negate it on specific index ? What is the privilege to apply on this specific index ?
Thanks, but I don't want give all privileges to a specific indices et read privilege to others. I want give read privileges to all indices except one. This one must not be accessible by my user.
try /~(indexname)/
- matches all indices except for the named index
This doesn't work, my user have read privileges on all indices. This expression is Lucene, and I search the KQL equivalent. I tested with /~(prefix-kube-system-*)/
.
I also tried index pattern like prefix-*,-prefix-kube-system-*
, but this doesn't work, my user have again read privileges on all indices.
Ok, it seems I can use Lucene regexp in this field. So I found the solution : /prefix-@&~(prefix-kube-system-@)/
.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.