My roles.yml :
# Kibana role read-only for client
sg_kibana4_client:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
'?kibana':
'*':
- READ
- indices:admin/mappings/fields/get*
- indices:admin/validate/query*
- indices:admin/get*
- indices:admin/exists*
- indices:admin/mappings/fields/get*
- indices:admin/refresh*
- indices:admin/validate/query*
- indices:data/read/get*
- indices:data/read/mget*
- indices:data/read/search*
sg_clientname:
indices:
'*-clientname-*':
'*':
- READ
$ curl -XGET -u clientname:spock http://localhost:9200/logstash-*-apache-access-*?pretty
{
"error" : {
"root_cause" : [ {
"type" : "security_exception",
"reason" : "no permissions for indices:admin/get"
} ],
"type" : "security_exception",
"reason" : "no permissions for indices:admin/get"
},
"status" : 403
}
[com.floragunn.searchguard.configuration.PrivilegesEvaluator] No perm match for indices:admin/get and [sg_kibana4_client, sg_clientname, sg_public]