Manage_security Cluster privilege without role settings

Greetings Everyone,

I am trying to set up Elasticsearch and Kibana for a minor logging project. I need to create a role in which the user has the access to create and delete users but cannot alter the definition of roles whatsoever i.e. A cluster privilege similar to manage_security but without the access to roles API/tab in the security.

Is this feasible anyhow? Help would be really appreciated!

Hi @pechora

On this site you can find all security privileges that you can assign to a role. I do not know if something like what you want is possible, but you can give it a try. Be careful, as some privileges rely on others. You can define these privileges either in Kibana or with POST-curl. Additionally you can define Spaces in Kibana to seperate i.e. data and management.

Hope this helps.


Something like this is not currently possible with our permission model. The short summary is that once a user has the permission to add users, they can create a user with a superuser role that can then alter the definition of roles.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.