Hello there,
Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
I’m using a 2.16 version of Opensearch / Opensearch Dashboards with security audit log enabled.
Describe the issue:
I would like to use security auditlogs indices to catch any time a user tries to update / delete a document.
It works perfectly fine but I noticed the admin user can alter the audit logs… and event delete it if he wanted
Configuration:
Is it possible to prevent admin user to alter security_auditlog indices?
Best regards,