Hi!
I was wondering - is it possible to give someone permission to read some indices AND also a permission to give read-only permissions to other users?
My point is: I have 5 indices and 5 people, each person has permissions to read only 1 index and I'd like to let this person be in charge of who reads their index and who can't.
Sorry but I don't understand - which roles/permissions should I give to user1 in space1 so he will be able to also give permissions to other users but, not like, superuser permissions?
I've tested your example and it seemed I had to give "security manager" role to the user, for him to be able to give permissions to others. But if he has the "security manager" role he can also give himself "superuser" role straight away and that's a bad idea.
No, it is not possible to manage Elasticsearch permissions in that way.
Because ES security is built on a role based model, the only way to give a user the ability to read from an index is to modify one or more roles that are held by the target user.
A user who can modify roles can make any/all changes they wish to those roles - they cannot be restricted to only granting a particular level of access to particular indices.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.