In my setup I'll be creating indexes where the index is the id = an associated group of applications.
This id will be in an LDAP tree where the user has access to a number of IDs.
Is there a way to automatically set up/create a READ-only index role when a new index is created in ES?
Apologies, but I'm not sure I follow this. Could you try to elaborate or add a more concrete example?
If you mean internally to Elasticsearch, no. There is no functionality to trigger role creation based on index creation and there is no template option for roles that would take into consideration the index name. One possibility might be to have a watch with a short trigger that would perform a search as input and then use the webhook action to call the Create Role API to add the role you want. I haven't done something similar before but it looks possible.
As an example:
elasticsearch indexes = [1,2,3]
Search Base: ou=groups,dc=com
Search Filter: (member=cn=sthomps,ou=users,dc=com)
The user will be authenticated via SAML but authorized via LDAP. When they log in, they should only be able to view indexes: 1 & 2 - not 3.
I think you could achieve your use case by implementing a custom role provider and having a role mapping configured to use role templates.
```json
{ "indices": [ {
  "names": [ "1", "2" ],
  "privileges": [ "read" ]
} ] }
```
You can check out the blog on how to write a custom extension and a custom role provider.
Hope this helps.
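Added example, not part of the thread and not Elastic's code: a reconciliation step that an external scheduled job (or the webhook target suggested above) could run to build the Create Role and role-mapping requests for indices that have no read-only role yet. The `read_` role prefix, the function names, and the one-LDAP-group-per-id layout (`cn=<id>,ou=groups,dc=com`) are assumptions; the requests are only constructed here, not sent.

```python
import json
from urllib.parse import quote

GROUP_BASE = "ou=groups,dc=com"   # search base quoted in the thread
ROLE_PREFIX = "read_"             # hypothetical naming convention


def role_name(index):
    return f"{ROLE_PREFIX}{index}"


def read_only_role(index):
    """Body for PUT /_security/role/<name>: read on exactly one index."""
    return {"indices": [{"names": [index], "privileges": ["read"]}]}


def group_mapping(index):
    """Body for PUT /_security/role_mapping/<name>.
    Assumes one LDAP group per id, named cn=<id> under GROUP_BASE."""
    return {
        "roles": [role_name(index)],
        "enabled": True,
        "rules": {"field": {"groups": f"cn={index},{GROUP_BASE}"}},
    }


def plan_requests(indices, existing_roles):
    """Return (method, path, body) for every index that has no role yet."""
    plan = []
    for index in sorted(indices):
        if index.startswith("."):      # never grant on system/hidden indices
            continue
        name = role_name(index)
        if name in existing_roles:     # already provisioned, leave untouched
            continue
        path = quote(name, safe="")    # keep the name a single URL path segment
        plan.append(("PUT", f"/_security/role/{path}", read_only_role(index)))
        plan.append(("PUT", f"/_security/role_mapping/{path}", group_mapping(index)))
    return plan


if __name__ == "__main__":
    # Constructed sample state: indices 1-3 exist, only index 1 has a role.
    sample = plan_requests({"1", "2", "3", ".security-7"}, {"read_1"})
    for method, path, body in sample:
        print(method, path, json.dumps(body))
```

Each role names exactly one index, so a user whose LDAP groups are `cn=1` and `cn=2` ends up with read access to indices 1 and 2 and nothing on 3.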