Nitendra

Reputation: 494

ELK - How to provide permission to individual user on particular index

I have a few indices in my cluster:

index_2019-01-01

index_2019-01-02

index_2019-01-03

index_2019-01-04

index_2019-01-05

index_2019-01-06

There are two users, USER1 & USER2.

USER1 has full rights to this index pattern.

I want to provide access rights to USER2 for the first three indices only.

How can I achieve this in ELK?

Elastic version 7.2

Upvotes: 2

Views: 2847

Answers (2)

powerful_clouds

Reputation: 107

I know you're asking about Elastic v7.2, but I stumbled upon this question and I'm using ES v8.4.1. In case someone else ends up here from a Google search, I want to say that it's very much possible to do what OP wants.

I'll assume that the built-in user elastic has the password '123456', which you can set via ELASTIC_PASSWORD: 123456 in docker-compose.yml if you're using Docker.

If you're using Docker, exec into the elasticsearch Docker container via docker exec -it elasticsearch bash. Here are the steps to enable index-level access:

  1. Create a role that has access to the desired indices:

curl -X POST "localhost:9200/_security/role/regular?pretty" -H 'Content-Type: application/json' -d'
{
  "cluster": ["all"],
  "indices": [
    {
      "names": [ "index_2019-01-01", "index_2019-01-02", "index_2019-01-03"],
      "privileges": ["all"]
    }
  ]
}
' -u elastic:123456

  2. Create a user with that role:

curl -X POST "localhost:9200/_security/user/john?pretty" -H 'Content-Type: application/json' -d'
{
  "password" : "123456",
  "roles" : [ "regular" ],
  "full_name" : "John John",
  "email" : "[email protected]",
  "metadata" : {
    "intelligence" : 7
  }
}
' -u elastic:123456

  3. Now try fetching all the docs from any of the indexes that john has access to (you should see all the docs):

curl "localhost:9200/index_2019-01-01/_search?pretty=true" -u john:123456

  4. Also, try fetching the docs from an index that john doesn't have access to (you should receive a 403 HTTP status in the response):

curl "localhost:9200/index_2019-01-04/_search?pretty=true" -u john:123456

Upvotes: 0
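An offline check of role bodies like the one in the answer above, added here as an example and not part of the original post: it reports which of the question's indices a role can read and flags cluster privileges ("all", "manage_security") that include managing users and roles. The function names and the two variant roles are constructed for illustration, and only `*`/`?` wildcards in index names are handled, not regex-style patterns.

```python
import re

# Cluster privileges that include managing users and roles; a holder can
# grant themselves any index, so index restrictions stop being a boundary.
ESCALATING_CLUSTER_PRIVS = {"all", "manage_security"}
READ_PRIVS = {"all", "read"}  # index privileges that permit _search

def pattern_to_regex(pattern):
    """Translate a wildcard index pattern (* and ?) into a compiled regex."""
    return re.compile(re.escape(pattern).replace(r"\*", ".*").replace(r"\?", "."))

def readable_indices(role, indices):
    """Return the names in `indices` that the role definition lets a user read."""
    allowed = []
    for name in indices:
        for entry in role.get("indices", []):
            if not READ_PRIVS & set(entry.get("privileges", [])):
                continue
            if any(pattern_to_regex(p).fullmatch(name) for p in entry.get("names", [])):
                allowed.append(name)
                break
    return allowed

def audit_role(role, indices, intended):
    """List findings: escalating cluster privileges and unintended index reach."""
    findings = []
    risky = ESCALATING_CLUSTER_PRIVS & set(role.get("cluster", []))
    if risky:
        findings.append("cluster privileges allow user/role management: " + ", ".join(sorted(risky)))
    extra = sorted(set(readable_indices(role, indices)) - set(intended))
    if extra:
        findings.append("readable beyond intent: " + ", ".join(extra))
    return findings

# Index names from the question; USER2 should reach only the first three.
ALL_INDICES = ["index_2019-01-0%d" % d for d in range(1, 7)]
INTENDED = ALL_INDICES[:3]
# Role body as posted in the answer above.
ROLE_AS_POSTED = {"cluster": ["all"], "indices": [{"names": INTENDED, "privileges": ["all"]}]}
# Constructed variants (assumptions of this example, not from the page).
ROLE_READ_ONLY = {"cluster": [], "indices": [{"names": INTENDED, "privileges": ["read"]}]}
ROLE_WILDCARD = {"cluster": [], "indices": [{"names": ["index_2019-01-*"], "privileges": ["read"]}]}

if __name__ == "__main__":
    for label, role in [("posted", ROLE_AS_POSTED), ("read-only", ROLE_READ_ONLY), ("wildcard", ROLE_WILDCARD)]:
        print(label, audit_role(role, ALL_INDICES, INTENDED))
```

The same functions can be run against the JSON returned by GET _security/role/<name> to review existing roles before assigning them to users.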

ibexit

Reputation: 3667

This feature (index-level security) is not possible with the basic license of Elasticsearch.

But there are several other ways to achieve it, with more or less investment of money and/or time:

  1. Obtain a subscription for Elasticsearch containing index-level security (Elasticsearch security)
  2. Use 3rd-party plugins like readonlyrest or search guard
  3. Add a separate security layer in front of your cluster using a reverse proxy (apache httpd, nginx, ...) and further configuration, or even a homebrew proxy API

Have fun!

Upvotes: 1
