@Bargs I have 2 roles for which I want to set role-based access:
1) Manager 2) Developer
I've created these two roles along with the kibana4-server role.
Following is my roles.yml file:
# All cluster rights
# All operations on all indices
admin:
  cluster: all
  indices:
    '*':
      privileges: all

# monitoring cluster privileges
# All operations on all indices
power_user:
  cluster: monitor
  indices:
    '*':
      privileges: all

# Read-only operations on indices
manager:
  indices:
    '*':
      privileges: all

developer:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    'wosiindex2':
      privileges: indices:data/read/mget, indices:admin/mappings/fields/get, indices:admin/validate/query, indices:data/read/search, indices:data/read/msearch, indices:admin/get

# Defines the required permissions for transport clients
transport_client:
  cluster:
    - cluster:monitor/nodes/liveness
    #uncomment the following for sniffing
    #- cluster:monitor/state

# The required permissions for kibana 4 users.
kibana4:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    '*':
      privileges: indices:admin/mappings/fields/get, indices:admin/validate/query, indices:data/read/search, indices:data/read/msearch, indices:admin/get
    '.kibana':
      privileges: indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create

# The required permissions for the kibana 4 server
kibana4_server:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    '.kibana':
      privileges: indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create

# The required role for logstash users
logstash:
  cluster: indices:admin/template/get, indices:admin/template/put
  indices:
    'logstash-*':
      privileges: indices:data/write/bulk, indices:data/write/delete, indices:data/write/update, indices:data/read/search, indices:data/read/scroll, create_index
    '*':
      privileges: all

# Marvel user role. Assign to marvel users.
marvel_user:
  indices:
    '.marvel-es-*':
      privileges: read
    '.kibana':
      privileges: indices:admin/exists, indices:admin/mappings/fields/get, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search

# Marvel remote agent role. Assign to the agent user on the remote marvel cluster
# to which the marvel agent will export all its data
remote_marvel_agent:
  cluster: indices:admin/template/put, indices:admin/template/get
  indices:
    '.marvel-es-*':
      privileges: all
The kibana.yml file is as follows:
elasticsearch.username: kibana4-server
elasticsearch.password: abc123
kibana_elasticsearch_username: kibana4-server
kibana_elasticsearch_password: abc123
The esusers list command shows:
D:\Users\elasticsearch-2.1.0\bin> shield\esusers list
aviral : developer
logstash : logstash
chirag : manager
kibana4-server : kibana4_server
I have created two indices, namely wosiindex and wosiindex2.
If I log in as chirag, I can see and read both indices.
But if I log in as aviral, the above error is displayed: Courier Fetch Error: unhandled error Error: [security_exception] action [indices:data/read/mget]
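
An added example, not part of the original post and not Shield's own code: it evaluates three of the posted roles against (index, action) pairs to show where `developer` grants `indices:data/read/mget` and what attaching `kibana4` as a second role would also open up. The matching rules (glob patterns on index names, `all` covering every index action, multiple roles combining as a union) and the sample requests are assumptions of this example.

```python
from fnmatch import fnmatchcase

MGET, SEARCH = "indices:data/read/mget", "indices:data/read/search"
KIBANA_READ = ["indices:admin/mappings/fields/get", "indices:admin/validate/query",
               SEARCH, "indices:data/read/msearch", "indices:admin/get"]

# Index privileges transcribed from three roles in the posted roles.yml.
ROLES = {
    "manager": {"*": ["all"]},
    "developer": {"wosiindex2": [MGET] + KIBANA_READ},
    "kibana4": {
        "*": KIBANA_READ,
        ".kibana": ["indices:admin/exists", "indices:admin/mapping/put",
                    "indices:admin/mappings/fields/get", "indices:admin/refresh",
                    "indices:admin/validate/query", "indices:data/read/get",
                    MGET, SEARCH, "indices:data/write/delete",
                    "indices:data/write/index", "indices:data/write/update",
                    "indices:admin/create"],
    },
}

# Assumption: the named privilege "all" covers every index-level action.
NAMED = {"all": "indices:*"}

def allowed(roles, index, action):
    """True if any of the user's roles grants `action` on `index` (union of roles)."""
    for role in roles:
        for index_pattern, privileges in ROLES[role].items():
            if not fnmatchcase(index, index_pattern):
                continue
            if any(fnmatchcase(action, NAMED.get(p, p)) for p in privileges):
                return True
    return False

# Constructed sample requests; the error in the post does not name the index.
REQUESTS = [(".kibana", MGET), ("wosiindex2", SEARCH),
            ("wosiindex", SEARCH), ("wosiindex2", MGET)]

def denied_requests(roles, requests=REQUESTS):
    """Return the (index, action) pairs that none of the roles permits."""
    return [(i, a) for i, a in requests if not allowed(roles, i, a)]

if __name__ == "__main__":
    for user_roles in (["manager"], ["developer"], ["developer", "kibana4"]):
        print(user_roles, "denied:", denied_requests(user_roles))
```

Under these assumptions, `developer` plus `kibana4` is denied nothing in the sample set, which includes search on `wosiindex`: the `'*'` entry in `kibana4` widens read access beyond `wosiindex2`.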