is it possible to restrict users access to elasticsearch API?

We want to create a “cluster manager user” that can only has access to the API and certain APIs paths, here a few of them:

POST _ilm/stop
PUT _cluster/settings

to do some managing tasks for the cluster.
We’ve arrived to the documentation (For Elasticsearch | ReadonlyREST) and we see there’s access to limit the API paths of the kibana calls, but not the elasticsearch calls

We’re wondering if there’s a way to have this users with these restrictions in place in an easy way since we don’t have access to the roles/privileges from elasticsearch (which I think it could work).

thanks

Expected behaviour

Not a but, just how can we do this

Technical details

ROR version: "1.63.0"
ES version: "9.0.0"

Logs and config files

• Logs and config files are irrelevant to the issue

{“customer_id”: “93949962-8b24-494d-a10c-2c4235dfec20”, “subscription_id”: “6c68a597-eeac-430a-afbc-8432e4fda85e”}

We’re thinking adding the actions restrictions to:

“cluster:admin/ilm/stop”

Hi @carlosm

We have a plan to address the problem you mention. We are planning to values of the kibana.access rule. For sure there should be some kind of cluster manager user thing (or sth like that).

But at the moment you have several rules that may help you:

1. actions rule - you will find the available actions here
2. uri_re rule and methods rule

Please let me know if this is something you were looking for