How to create a role that solely has the ability to add data, but not inspect, delete or update data?

Hi, everyone!

I am trying to figure out how to create a role/privilege-set that allows only for the addition of data to the Elasticsearch channel, not deletion or updating. For context, the use case is that we would like users of an application to be able to use a permissioned set of credentials to upload logging data to Elasticsearch. However, users should not be able to delete data, alter uploaded data, inspect or explore already-uploaded data (such as the data of other users), etc. We figure we could create a user credential, apply this privilege restriction, and then users could use that credential.

I found the write privilege to be close to what I'm looking for, but per the documentation it "includes the permission to index, update, and delete documents as well as performing bulk operations. Also grants access to the update mapping action." That seems to be a superset of what I'm looking for, too much privilege.

I also found this discussion which seems to be very close to what I describe. The last message, from TimV, seems to imply it's possible to have a subset of the write privilege, but I have not found how to set that.

Is this possible? Have I missed something important? Thanks, everyone, for reading this, and thanks in advance for any help. I'll also happily provide any information I can, if that helps. :smile:

EDIT (5d later):
I ended up solving this, so I'll post my solution. We were using the Elastic package for golang. Creating a user with cluster privilege "monitor" and index privileges "view index metadata" and "create" ended up being the minimum set necessary to write.
If that ends up not working, the fallback plan is some kind of MIM situation where users send data to a queue or Logstash, which then handles the Elasticsearch credentials. Thanks again, everybody!
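
The privilege set from the edit above, written as an Elasticsearch create-role request body and checked by a small Go lint before it would be sent to the security API. This is an added example, not code from the original post; the role bodies, the index pattern `app-logs-*` and the helper `ExcessPrivileges` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Role mirrors the parts of a create-role request body that this check reads.
type Role struct {
	Cluster []string `json:"cluster"`
	Indices []struct {
		Privileges []string `json:"privileges"`
	} `json:"indices"`
}

// The ingest-only set reported in the post's edit.
var minimal = map[string]bool{"cluster:monitor": true, "index:create": true, "index:view_index_metadata": true}

// Constructed role bodies; the index pattern app-logs-* is an assumption.
const ingestRole = `{"cluster":["monitor"],"indices":[{"names":["app-logs-*"],"privileges":["create","view_index_metadata"]}]}`
const broadRole = `{"cluster":["monitor"],"indices":[{"names":["app-logs-*"],"privileges":["write","read"]}]}`

// ExcessPrivileges (hypothetical helper) returns, sorted, every grant beyond the minimal set.
func ExcessPrivileges(body []byte) ([]string, error) {
	var r Role
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, err
	}
	excess := []string{}
	check := func(scope string, privs []string) {
		for _, p := range privs {
			if !minimal[scope+p] {
				excess = append(excess, scope+p)
			}
		}
	}
	check("cluster:", r.Cluster)
	for _, idx := range r.Indices {
		check("index:", idx.Privileges)
	}
	sort.Strings(excess)
	return excess, nil
}

func main() {
	for _, body := range []string{ingestRole, broadRole} {
		fmt.Println(ExcessPrivileges([]byte(body)))
	}
}
```

An empty result means the role grants nothing beyond the ingest-only set; the second body is flagged because `write` and `read` both exceed it.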
