Currently. I’m stuck on creating a user for a developer used for the query which has read-only permission.
- Cluster permission
cluster_composite_ops_ro cluster_monitor indices:admin/template/get
- Index Permission:
- Pattern: * ( i want give user for all user can read everything from es )
- index permission: read / get /search
Those setting is good and prevent no info log related to lack of permission on ODFE Log.
But somehow user still can delete index by query:
Version: 7.8.0 and 7.10.2
Update: I tried to create index custom-like
and can not delete it
but other index patterns, it can delete it as well. So what is different here