Hello,
I want grant my new user read only privilege on all indices except one. I don't understand how I can write the query in KQL (I don't use Lucene) :
Is it possible ? How ?
Which version of the Elastic stack are you running?
A role can have multiple Index privileges. Simply create a 'read' privilege on * and create an additional index priv for the specific index.
It's Kibana 7.6. So if I have a read privilege on *, I can negate it on specific index ? What is the privilege to apply on this specific index ?
Thanks, but I don't want give all privileges to a specific indices et read privilege to others. I want give read privileges to all indices except one. This one must not be accessible by my user.
try /~(indexname)/ - matches all indices except for the named index
This doesn't work, my user have read privileges on all indices. This expression is Lucene, and I search the KQL equivalent. I tested with /~(prefix-kube-system-*)/.
I also tried index pattern like prefix-*,-prefix-kube-system-*, but this doesn't work, my user have again read privileges on all indices.
Ok, it seems I can use Lucene regexp in this field. So I found the solution : /prefix-@&~(prefix-kube-system-@)/.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.