I'm new to Elasticsearch. We have the need for multiple applications to share the same cluster and restrict indices privileges to those owned by that team.
I see the application api to create/update application privileges in the reference doc. The application name, privilege name, action name appear to be any value we want as long as conforming to naming rules, but there is no context offered as to the use case for creating application privileges.
I'm looking for plain language background on the concept of applications and when they should be used. It might not be applicable to my need but I would still like to understand how application definitions should be used. I can find no explanation in the doc or with Google. Thanks for your help.
Hi Mark, thanks for your reply. I tried posting a link initially but the forum page said pastes are not allowed, which is frustrating for long hyperlinks.
Here is the api I'm referring to (typing it all in):
Again looking for background context in how this api should be used. Thanks much.
For the use case you have, you almost certainly want to have a "user" per application (or perhaps several users) and grant each user a role that restricts them to the relevant indices, through the "indices" section of the role.
Application privileges are managed within Elasticsearch and can be retrieved with the has privileges API and the get application privileges API. They do not, however, grant access to any actions or resources within Elasticsearch. Their purpose is to enable applications to represent and store their own privilege models within Elasticsearch roles.
Application privileges are a way for applications that are built on top of Elasticsearch to use Elasticsearch's security model to implement access control for resources that exist within that application. You only want to do that if you are building something that is very tightly integrated with Elasticsearch (e.g. Kibana).
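The per-team role layout recommended in the answer above, as an added example that is not part of the original thread: it builds the role bodies for `PUT /_security/role/<name>` and checks which roles open a given index. The team names, the `<team>-*` index naming convention, the `reports` application and the helper names are assumptions made for illustration.

```python
import json
import re

def team_role(team, privileges=("read", "write", "create_index")):
    """Return (role name, body) for PUT /_security/role/<name>."""
    # Assumed convention: each team owns the indices named <team>-*.
    body = {"indices": [{"names": [f"{team}-*"], "privileges": list(privileges)}]}
    return f"{team}_rw", body

def _matches(pattern, index):
    # Approximates Elasticsearch wildcard matching: * = any run, ? = one char.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, index) is not None

def roles_granting(index, roles):
    """Names of roles whose "indices" section covers the given index name."""
    return sorted({
        name
        for name, body in roles.items()
        for entry in body.get("indices", [])
        if any(_matches(p, index) for p in entry["names"])
    })

def build_roles():
    # Constructed team names, one role per team.
    roles = dict(team_role(t) for t in ("billing", "search"))
    # A role carrying only application privileges (hypothetical "reports" app):
    # the privilege is stored in the role, but with no "indices" section
    # the role opens no index.
    roles["reports_app_viewer"] = {
        "applications": [
            {"application": "reports", "privileges": ["view"], "resources": ["*"]}
        ]
    }
    return roles

if __name__ == "__main__":
    roles = build_roles()
    for name, body in roles.items():
        print(f"PUT /_security/role/{name}\n{json.dumps(body, indent=2)}")
    for index in ("billing-2024.01", "search-products", "reports-q1"):
        print(index, "->", roles_granting(index, roles))
```

Running the same check over every existing index name shows quickly whether two teams' patterns overlap before the roles are created.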