I am using Elastic Stack to store logs of multiple servers. I need to make the logs/documents immutable, i.e. write-once only. There is a compliance requirement to prevent alteration of logs. I am using Elasticsearch 7.10.2 with a Basic license. I am unable to find anything to achieve this, apart from an external vendor called search-guard. Can anyone help?
How about "Security privileges | Elasticsearch Guide [7.16] | Elastic"?
If you deprive `index`...etc from every role and add just `create_doc` and other necessary privileges, the docs could be immutable as a result. It is not as simple as just tagging "immutable" onto the index settings; you will need to give careful consideration to the design of index names and roles.
So you mean I need to simulate this using a combination of privileges and there's no native setting to do that?
I think so. As far as I know, there is no such native setting.
Welcome to our community!
The native setting is the included Security functionality that lets you create these sorts of access limitations.
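A check for the role-based approach described in the replies above, as an added example that is not part of the original thread: it scans role definitions in the shape returned by `GET /_security/role` and reports every role that can still modify or delete documents in a given log index. The role names, the `logs-*` pattern and the sample index names are hypothetical.

```python
import fnmatch

# Named index privileges that allow changing or removing stored documents
# (or deleting the index itself). create_doc is deliberately absent: it only
# permits adding new documents. Raw action patterns such as
# "indices:data/write/*" are not evaluated by this check.
MUTATING = {"all", "write", "index", "create", "delete", "delete_index", "manage"}


def mutating_grants(roles, index_name):
    """Return {role_name: [privileges]} for roles able to alter index_name.

    Only wildcard patterns in "names" are handled; regular-expression
    patterns (written /.../) are outside the scope of this example.
    """
    findings = {}
    for role, body in roles.items():
        hits = set()
        for entry in body.get("indices", []):
            names = entry.get("names", [])
            if any(fnmatch.fnmatchcase(index_name, p) for p in names):
                hits |= MUTATING & set(entry.get("privileges", []))
        if hits:
            findings[role] = sorted(hits)
    return findings


# Constructed sample input, not taken from a real cluster.
SAMPLE_ROLES = {
    "logs_writer": {"indices": [
        {"names": ["logs-*"], "privileges": ["create_doc", "create_index"]}]},
    "logs_reader": {"indices": [
        {"names": ["logs-*"], "privileges": ["read", "view_index_metadata"]}]},
    "logs_admin": {"indices": [
        {"names": ["*"], "privileges": ["manage", "write"]}]},
    "metrics_writer": {"indices": [
        {"names": ["metrics-*"], "privileges": ["index"]}]},
}

if __name__ == "__main__":
    for role, privs in mutating_grants(SAMPLE_ROLES, "logs-2022.01.15").items():
        print(f"{role}: can alter log documents via {', '.join(privs)}")
```

An empty result for a log index means no listed role holds a named privilege that overwrites or deletes its documents; built-in roles such as `superuser` appear in the real API output and will be reported.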