20 lines
No EOL
630 B
YAML
20 lines
No EOL
630 B
YAML
_meta:
|
|
type: "roles"
|
|
config_version: 2
|
|
|
|
gendb_user_role:
|
|
description: "DLS: user can read/write docs they own or are allowed on"
|
|
cluster_permissions:
|
|
- "indices:data/write/bulk"
|
|
- "indices:data/write/index"
|
|
index_permissions:
|
|
- index_patterns: ["documents", "documents*", "search_contexts", "search_contexts*"]
|
|
allowed_actions:
|
|
- crud
|
|
- create_index
|
|
dls: >
|
|
{"bool":{"should":[
|
|
{"term":{"owner":"${user.name}"}},
|
|
{"term":{"allowed_users":"${user.name}"}},
|
|
{"bool":{"must_not":{"exists":{"field":"owner"}}}}
|
|
],"minimum_should_match":1}} |