Hello, Community!
I am new to Elasticsearch and after installing and playing around with it, I am now reading the API documentation.
I came across the URL-based access control page and am now wondering: Is it certain that a query which starts with some particular index (or set of indices if several indices are specified by a list or a * regexp), that is, a query of the form /myindex/... certainly only gives access to the given index, if rest.action.multi.allow_explicit_index is set to false in the configuration? Are there ways to inject a call to further indices and if so what are good ways of securing the access here?
Thanks for any input!
Photon