Permission to give permission to Indices

Hi!
I was wondering - is it possible to give someone permission to read some indices AND also a permission to give read-only permissions to other users?

My point is: I have 5 indices and 5 people, each person has permissions to read only 1 index and I'd like to let this person be in charge of who reads their index and who can't.

yes you can do that.

you have to look in to space, roles and user

here is example
index1 -> user1 -> space1 -> role1

first create space1.
second create role1 and assign space1 to it
third create user1 and assign role1

Sorry but I don't understand - which roles/permissions should I give to user1 in space1 so he will be able to also give permissions to other users but, not like, superuser permissions?

I've tested your example and it seemed I had to give "security manager" role to the user, for him to be able to give permissions to others. But if he has the "security manager" role he can also give himself "superuser" role straight away and that's a bad idea.

not that I have no clue.
someone else might know

No, it is not possible to manage Elasticsearch permissions in that way.

Because ES security is built on a role based model, the only way to give a user the ability to read from an index is to modify one or more roles that are held by the target user.
A user who can modify roles can make any/all changes they wish to those roles - they cannot be restricted to only granting a particular level of access to particular indices.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.