Hi!
I was wondering - is it possible to give someone permission to read some indices AND also a permission to give read-only permissions to other users?
My point is: I have 5 indices and 5 people, each person has permissions to read only 1 index and I'd like to let this person be in charge of who reads their index and who can't.
yes you can do that.
you have to look in to space, roles and user
here is example
index1 -> user1 -> space1 -> role1
first create space1.
second create role1 and assign space1 to it
third create user1 and assign role1
Sorry but I don't understand - which roles/permissions should I give to user1 in space1 so he will be able to also give permissions to other users but, not like, superuser permissions?
I've tested your example and it seemed I had to give "security manager" role to the user, for him to be able to give permissions to others. But if he has the "security manager" role he can also give himself "superuser" role straight away and that's a bad idea.
not that I have no clue.
someone else might know
No, it is not possible to manage Elasticsearch permissions in that way.
Because ES security is built on a role based model, the only way to give a user the ability to read from an index is to modify one or more roles that are held by the target user.
A user who can modify roles can make any/all changes they wish to those roles - they cannot be restricted to only granting a particular level of access to particular indices.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.