Would it be possible to allow setting explicit indexes when the URL
accessed is the /_bulk root, with no index specified in the URL?
This way if a user is allowed to access /_bulk, he can work as if
allow_explicit_index is false, while if a user is only allowed to access
specific {index}/_bulk urls, he is effectively contained.
With the current rules, the only way to allow bulk access with explicit
index to one user is to set allow_explicit_index to true and thus allow
full access to everybody with bulk access.
Maybe this feature is not that high-priority, I see that access control in
general does not seem to be the focus of elasticsearch. But if this is an
easy change, would this work?
Would it be possible to allow setting explicit indexes when the URL
accessed is the /_bulk root, with no index specified in the URL?
This way if a user is allowed to access /_bulk, he can work as if
allow_explicit_index is false, while if a user is only allowed to access
specific {index}/_bulk urls, he is effectively contained.
With the current rules, the only way to allow bulk access with explicit
index to one user is to set allow_explicit_index to true and thus allow
full access to everybody with bulk access.
Maybe this feature is not that high-priority, I see that access control in
general does not seem to be the focus of elasticsearch. But if this is an
easy change, would this work?
Hello,
When url-based access control is used for bulk requests
rest.action.multi.allow_explicit_index: false
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/url-access-control.html
It forbids explicitly setting the index in the request body
regardless of the bulk url used.
Would it be possible to allow setting explicit indexes when the
URL accessed is the /_bulk root, with no index specified in the URL?
This way if a user is allowed to access /_bulk, he can work as if
allow_explicit_index is false, while if a user is only allowed to
access specific {index}/_bulk urls, he is effectively contained.
With the current rules, the only way to allow bulk access with
explicit index to one user is to set allow_explicit_index to true
and thus allow full access to everybody with bulk access.
Maybe this feature is not that high-priority, I see that access
control in general does not seem to be the focus of elasticsearch.
But if this is an easy change, would this work?
Thanks,
Ivan
--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearch+unsubscribe@googlegroups.com
<mailto:elasticsearch+unsubscribe@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/58bee79e-2e30-4dc2-809b-d2b6ba275336%40googlegroups.com
<https://groups.google.com/d/msgid/elasticsearch/58bee79e-2e30-4dc2-809b-d2b6ba275336%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
