ACL configuration with indices is not working.

prasanna....@gmail.com

Jun 30, 2015, 5:51:33 AM
to search...@googlegroups.com
I have configured Search Guard with Elasticsearch.

In the ACL configuration, if I don't specify any role with the specific access against any indices, it works.
However, I want a role where it should be allowed only for a particular index.

Below are my configuration changes. With this configuration I am not able to start Kibana itself.
If I remove indices from the ACL configuration for role admin, it is working.

Here is my elasticsearch.yml configuration:

searchguard.enabled: true
searchguard.rewrite_get_as_search: true
searchguard.key_path: C:/Test/searchguard_node.key
searchguard.config_index_name: searchguard
searchguard.http.enable_sessions: false
searchguard.auditlog.enabled: true
searchguard.allow_all_from_loopback: true
searchguard.check_for_root: false


searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: false

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
searchguard.authentication.authorizer.cache.enable: false

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator

searchguard.authentication.settingsdb.user.admin: password
searchguard.authentication.settingsdb.user.manager: password

searchguard.authentication.authorization.settingsdb.roles.admin: ["admin"]
searchguard.authentication.authorization.settingsdb.roles.manager: ["manager"]

searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:admin*", "indices:admin*", "indices:data/write*"]


Here is my ACL configuration:

{
    "acl": [
    {    
        "__Comment__": "By default no filters are executed and no filters are by-passed. In such a case a exception is thrown and access will be denied.",
        "filters_bypass": [],
        "filters_execute": []
     },
     {
           "__Comment__": "For role 'admin' all filters are bypassed (so none will be executed). This means unrestricted access.",
           "roles": [
               "admin"
           ],
           "indices": [
               "logstash-2014.10.05"
           ],
           "filters_bypass": ["dlsfilter.*","dlsfilter.*"],
           "filters_execute": ["*"]
     },
     {
           "__Comment__": "For role 'operations' all filters will be executed.",
           "roles": [
               "manager"
           ],
           "filters_bypass": [],
           "filters_execute": ["*"]
     }
     ]
}


Please do the needful.

Thanks,
Lakshmi.

SG

Jul 1, 2015, 9:39:56 AM
to search...@googlegroups.com
The ACL seems strange, you have no filter "dlsfilter.*" configured?
What are you trying to do?
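The mismatch raised in the reply above (the ACL names "dlsfilter.*" while the posted elasticsearch.yml only declares an actionrequestfilter called "readonly") can be checked mechanically before loading an ACL. The Python sketch below is an added example, not part of the original thread and not Search Guard code; it assumes filters are referenced as `<type>.<name>` built from `searchguard.<type>.names` settings and that wildcards behave like shell globs, and it runs on a constructed reduction of the posted configuration.

```python
import fnmatch
import json

# Constructed sample input, reduced from the settings and ACL posted in this thread.
SETTINGS = {
    "searchguard.actionrequestfilter.names": ["readonly"],
}
ACL = json.loads("""
{"acl": [
  {"filters_bypass": [], "filters_execute": []},
  {"roles": ["admin"], "indices": ["logstash-2014.10.05"],
   "filters_bypass": ["dlsfilter.*", "dlsfilter.*"], "filters_execute": ["*"]},
  {"roles": ["manager"], "filters_bypass": [], "filters_execute": ["*"]}
]}
""")

def configured_filters(settings):
    """Collect '<type>.<name>' for every searchguard.<type>.names setting (assumed naming)."""
    found = set()
    for key, names in settings.items():
        parts = key.split(".")
        if len(parts) == 3 and parts[0] == "searchguard" and parts[2] == "names":
            found.update(f"{parts[1]}.{name}" for name in names)
    return found

def lint_acl(acl, settings):
    """Return (rule_index, list_name, pattern, problem) findings for an ACL document."""
    filters = configured_filters(settings)
    findings = []
    for i, rule in enumerate(acl["acl"]):
        for list_name in ("filters_bypass", "filters_execute"):
            patterns = rule.get(list_name, [])
            for pattern in sorted(set(patterns)):
                if patterns.count(pattern) > 1:
                    findings.append((i, list_name, pattern, "duplicate entry"))
                # Assumption: shell-style globbing approximates Search Guard's wildcards.
                if not any(fnmatch.fnmatchcase(f, pattern) for f in filters):
                    findings.append((i, list_name, pattern, "matches no configured filter"))
    return findings

if __name__ == "__main__":
    for finding in lint_acl(ACL, SETTINGS):
        print("rule %d, %s: %r %s" % finding)
```

On the posted ACL this reports two findings, both for the admin rule's filters_bypass entry.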

elain ding

Aug 27, 2015, 11:12:35 PM
to Search Guard
You can update

           "filters_bypass": ["dlsfilter.*","dlsfilter.*"],

like this:

           "filters_bypass": ["*"],

On Tuesday, June 30, 2015 at 5:51:33 PM UTC+8, prasanna....@gmail.com wrote: