Elasticsearch security related question


I am wondering whether, after enabling the xpack security feature and generating the passwords, I can start using the feature with those usernames/passwords without having to create any other users.



Interesting, looking at the beats_system role, it only has access to the .monitoring_beats index with create and create_index access. I don't understand how it would be able to create different indices for packetbeat, filebeat, heartbeat and other beats that might be running on.

I meant that at least you can use the elastic user which is basically an admin to do whatever you want.

I'm not saying that's the right thing to do though. So you can directly use the other products but you should probably create appropriate users first.

OK, it's clear now. I was confused by the video from the security blog post/video where the guy was using the beats_system user to inject the information into Elasticsearch. When I was looking at the roles, I saw that the beats_system user has no rights to create/write in any other index except the one mentioned above.
