I am looking to design my security model. Based on my initial assumption, I thought that because the security is based on index pattern with shield pattern expansion was done. Let me give you an example, Let say I have a company called abc, with the followings patterns.
abc-, abc-finances- and abc-production-, I thought that giving someone access to the pattern abc- would also give access to the pattern abc-finances-* and abc-production-. I did some testing and it doesn't seem to be true. You can see all the indices with the pattern abc-, but you can't use the pattern abc-finances-* or abc-production-* unless you have a specific grant on each of those patterns. Am I correct ?
When you create roles in Shield, you can use wildcards in the index name, so abc-* would expand to include any indexes that also match abc-finances-* and abc-production-*.
Thus, if my user was assigned a role that granted read access to abc-, when I run a search against abc- indexes, wildcard expansion of index names would end up also including abc-finances-* and abc-production-*
However, you are mentioning Index Patterns, which is a Kibana-level concept. The index expansion happens at the ES level, so it should also work, if you create the index pattern with abc-*.
Hope that helps!
Thanks for your reply. My question was more along the role mamagement stand point of view. Does somebody with grant on abc-* can also uses abc-finances-* and abc-productions-* without having a grant on those two indexes names specifically. I do understand that abc-* will return all the indices includes in abc-finances-*, but it is also less specific and will probably be slower to execute.