Index date math expression when defining index permissions #64972
Labels
>enhancement
:Security/Authorization
Roles, Privileges, DLS/FLS, RBAC/ABAC
Team:Security
Meta label for security team
team-discuss
Comments
albertzaharovits
added
>enhancement
:Security/Authorization
|
Pinging @elastic/es-security (:Security/Authorization) |
|
Interesting proposal. Do you think there may be some issue with caching if we allow dynamic dates using |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To grant index permissions, wildcards and lucene regexps can be used in the name field of the index permission in the role definition.
The wildcards and regexps can cover indices, data streams, as well as alias names, although we're planning to remove support for aliases in the coming major release (v8) (because of issues, such as #61547 and #32238).
But aliases can be utilised by ILM rollover policies with indices that follow a naming pattern containing dates.
If we're going to take away the option to grant permissions on aliases, I think we should facilitate granting permissions on index names containing dates, by permitting using date math expressions in the name field of the index expression. The
nowtoken is especially useful.Related https://discuss.elastic.co/t/range-query-in-doc-lvl-security/254431
The text was updated successfully, but these errors were encountered: