Access user to access particular index in shield

security

(karthik) #1

Hi , i try to work in elastic shield with elastic search , i have an query about , how to assign single user to access only particular index ? in creating roles in roles.yml , there is option to speciall paricular role to access only particular index ?

Example , i have an user1 , user2 both in different role , how i make user1 to access only index 1 , and user2 to access index2 ?


(Jay Modi) #2

Hi,

Have you looked at the authorization documentation? It talks about how to specify roles for specific indices and then you would assign the respective role to the appropriate users.

-Jay


(karthik) #3

OK , thanks jaymodi , i look on it , supppose i have an index like

curl -XGET 'http://localhost:9200/index1/user/
curl -XGET 'http://localhost:9200/index2/post/
curl -XGET 'http://localhost:9200/index2/post/

Then the rule to access index1 is for user in role get_user

get_user:
indices:
'index1': 'indices:data/read/get'

Then the rule to access index2 is for user in role dev_user

dev_user:
indices:
'index12': 'indices:data/read/get'

Right ? or anything i missed ?


(Jay Modi) #4

I think it is close. The indices:data/read/get action usually just corresponds to a get by ID I think. You'll probably want to grant the user the special read privilege so they can search, use mget, count, etc. See https://www.elastic.co/guide/en/shield/current/reference.html#privileges-list-indices

So your example would then be:

get_user:
  indices:
    'index1': read

dev_user:
  indices:
    'index12': read

(system) #5