[Enterprise ROR Edition] Forbid specific indices

Hello guys,
Short question: is there any chance to have, in a group, a list of indices with specific access and at the same time to forbid another list of indices?
EX:

    - name: "Allowed for web kibana"
      groups: [group_web_kibana]
      indices: ["index1-*", "index2", "index3"]
      #//Here should be something like
      forbid_indices: [".readonlyrest", "index4-*"]
      actions: [
          "indices:data/read/*",
          "indices:data/write/*",
          "indices:admin/template/*",
          "indices:admin/create",
        ]

ROR Version for kibana and es: 1.18.9_es7.2.0 -> Enterprise edition
ES Version: 7.2.0

Many thanks in advance


EDIT by @sscarduzio: wrapped the YAML in triple back-quotes (```) so it shows properly formatted.

Hi @cristianr, welcome to the forum!

This is a typical question, but we never really went through and explained it in the forum well enough I think. So thanks for the opportunity.

The best way to obtain the effect expressed in your example is to take advantage of the flexibility of the sequential ACL model, and write… Two blocks instead of one!

So it becomes:

    - name: "Forbidden for web kibana"
      type: forbid
      groups: [group_web_kibana]
      indices: [".readonlyrest", "index4-*"]
      
    - name: "Allowed for web kibana"
      groups: [group_web_kibana]
      indices: ["index1-*", "index2", "index3"]
      actions: [
          "indices:data/read/*",
          "indices:data/write/*",
          "indices:admin/template/*",
          "indices:admin/create",
        ]
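
The two-block answer above relies on blocks being evaluated top to bottom, so here is an added example (a simplified Python model, not ReadonlyREST code and not part of the original posts) that replays that evaluation and shows why the forbid block has to come first. It assumes one index per request, shell-style wildcard matching, and that a request matching no block is rejected; `BROAD` is a hypothetical extra block included only to make the ordering effect visible.

```python
from fnmatch import fnmatchcase

# The answer's two blocks, transcribed into dicts (constructed model, not ROR code).
FORBID = {"name": "Forbidden for web kibana", "type": "forbid",
          "groups": ["group_web_kibana"],
          "indices": [".readonlyrest", "index4-*"]}
ALLOW = {"name": "Allowed for web kibana",
         "groups": ["group_web_kibana"],
         "indices": ["index1-*", "index2", "index3"],
         "actions": ["indices:data/read/*", "indices:data/write/*",
                     "indices:admin/template/*", "indices:admin/create"]}
# Hypothetical extra block, added only to show why block order matters.
BROAD = {"name": "Broad allow (hypothetical)",
         "groups": ["group_web_kibana"], "indices": ["index*"]}


def _hit(value, patterns):
    """True when value matches at least one wildcard pattern."""
    return any(fnmatchcase(value, p) for p in patterns)


def block_matches(block, req):
    """A block matches only when every rule it declares matches the request."""
    if not set(block["groups"]) & set(req["groups"]):
        return False
    if not _hit(req["index"], block["indices"]):
        return False
    return "actions" not in block or _hit(req["action"], block["actions"])


def evaluate(acl, req):
    """Walk blocks top to bottom; the first match decides, no match rejects."""
    for block in acl:
        if block_matches(block, req):
            verdict = "FORBIDDEN" if block.get("type") == "forbid" else "ALLOWED"
            return verdict, block["name"]
    return "FORBIDDEN", None


def request(index, action="indices:data/read/search", groups=("group_web_kibana",)):
    """Build a constructed sample request for the model."""
    return {"index": index, "action": action, "groups": list(groups)}


if __name__ == "__main__":
    for acl in ([FORBID, ALLOW, BROAD], [BROAD, FORBID, ALLOW]):
        print([b["name"] for b in acl])
        for idx in ("index1-logs", "index4-2020", ".readonlyrest", "index9"):
            print("  ", idx, evaluate(acl, request(idx)))
```

With the forbid block first, `index4-2020` is rejected even though a later block would allow it; with the broad block moved to the top, the same request is allowed before the forbid block is ever consulted.
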

Hello,

Many thanks for your help.
This solved my problem perfectly.
