Want to grant delete permissions for a non admin account for specific prod-test-* indexes
Created a new role and mapped it to an AD group but does not seem to like it. Users still get , Error in 'delete' command: You have insufficient privileges to delete events.
[role_test_access]
srchIndexesAllowed = _audit
deleteIndexesAllowed = prod-test*
delete_by_keyword= enabled
Any suggestions highly appreciated.
@athorat,
Add the below also to your authorize.conf
importRoles = can_delete
Thanks @renjith.nair , Doesnt seem to work.
@athorat,
Have you posted your entire role definition above or is it only some part of it?
Because, search capability is missing in the above role definition which is required and also the srchIndexesAllowed
has only _audit. Probably you need to add prod-test* as well so that the users can search on those indexes as well.