Security and Aliases

We are creating our search index using the resource “own_index” so the users we create can manage their own search index. I’m currently looking into utilizing aliases to protect against mapping changes. I’m also looking at splitting off part of our index into a separate search index so we can manage the main index more efficiently.

Is there a way to set up a security resource similar to “own_index” that allows access to any sub-indexes? For example, if the user is named “user1”, can I automatically give it access to manage indices named “user1.alias1”, “user1.alias2”, “user1.subindex”?

Hi @mdu,

What about doing something like:

index_permissions:
    # index_patterns and allowed_actions belong to the same list entry
    - index_patterns:
        - 'user1*'
      allowed_actions:
        - 'listOfPermissionsNeeded'

Best,
mj

The more I looked yesterday, the more I realized that I probably need to do something like that. I’m trying to figure out how to not have to create one role per user. The advantage to own_index is that by default it is available to every user.

Is there a way to insert variables into a role so that the index pattern is available automatically, or do I have to create a unique security role for every user that is going to be creating indexes?

You could try something like:


"index_patterns": ["${user_name}-*"]

Similar works for own_index:

"own_index": {
  "reserved": true,
  "hidden": false,
  "description": "Allow all for indices named like the current user",
  "cluster_permissions": [
    "cluster_composite_ops"
  ],
  "index_permissions": [
    {
      "index_patterns": [
        "${user_name}"
      ],
      "fls": [],
      "masked_fields": [],
      "allowed_actions": [
        "indices_all"
      ]
    }
  ]
}

Best,
mj
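
The patterns suggested in this thread, checked against the index names from the question, to see which names each pattern covers per user. This is an added example, not code from the posters or from the security plugin; the matcher is a simplified stand-in for wildcard matching (only `*` and `?`), and the second user `user10` and the index list are constructed.

```python
import re

# Constructed sample data: the index names from the question plus a second
# user whose name shares the "user1" prefix.
USERS = ["user1", "user10"]
INDICES = ["user1", "user1.alias1", "user1.alias2", "user1.subindex",
           "user10", "user10.alias1"]

# Role patterns discussed in the thread, plus a dot-separated variant.
CANDIDATES = {
    "prefix": ["${user_name}*"],                  # expands to 'user1*' for user1
    "dash": ["${user_name}-*"],
    "dotted": ["${user_name}", "${user_name}.*"],
}

def expand(pattern, user_name):
    """Substitute the ${user_name} placeholder shown in the own_index role."""
    return pattern.replace("${user_name}", user_name)

def wildcard_to_regex(pattern):
    """Assumed semantics: '*' is any run of characters, '?' is one character."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def matched(patterns, user_name, indices=INDICES):
    """Index names the expanded patterns would cover for this user."""
    regexes = [wildcard_to_regex(expand(p, user_name)) for p in patterns]
    return [i for i in indices if any(r.fullmatch(i) for r in regexes)]

def foreign(patterns, user_name, indices=INDICES):
    """Covered names that are neither user_name nor user_name.<suffix>."""
    return [i for i in matched(patterns, user_name, indices)
            if i != user_name and not i.startswith(user_name + ".")]

if __name__ == "__main__":
    for label, patterns in CANDIDATES.items():
        for user in USERS:
            print(f"{label:7} {user:7} covers={matched(patterns, user)} "
                  f"foreign={foreign(patterns, user)}")
```

Running the same check against a real list of index names and user names before deploying a shared role shows whether any user name is a prefix of another under the chosen pattern.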