How to restrict kibanauser role for index pattern deletion

shubhamblackstratus · September 10, 2020, 6:30am

Hi Team,

I am using latest version of opendistro elasticsearch. I have also setup a cluster successfully.

I have created custom roles for every indices access; which applied to individual users whom are required to access them. Find testing configs.

role.yml
read_index1:
index_permissions:

index_patterns:
- “index1”
  allowed_actions:
- “READ”
- “SEARCH”
- “GET”
- “SUGGEST”

roles_mapping YML:
read_index1:
reserved: true
backend_roles:

“read_index1”

kibana_user:
reserved: true
backend_roles:

“kibanauser”

Internal Users YML:
user1:
description: user1
hash: ****** hash******
backend_roles:

“kibanauser”
“read_index1”

Everything has been working fine but problem is that user1 can delete other index patterns also.

Let me know if I can restrict him.

Shubham

stmx38 · September 10, 2020, 8:21am

Hello @shubhamblackstratus,

You use kibana_user role to provides user access to the Kibana. Every index pattern probably is stored in the index like .kibana_-xxxxx where user, accordingly to the kibana_user have delete permissions:

Is there a way to use a different custom role for this with the required permissions or use a custom tenant with the defined index patterns where user will have only read-only permissions?