Role privileges issue in elasticserach

I have assigned the privilege monitor to a role in elasticserach . As provided in the documentation of elasticsearch the monitor privilege - Can access all cluster read-only operations, like cluster health and settings etc.
The _cluster/settings gets the cluster settings. I want to block the user having monitor privilege from accessing the above API. .
Please let me know how i can block the privilege monitor from accessing the details present inside _cluster/settings.

Thanks in Advance.

Hi @B123,

Cluster settings (persistent and transient) are queried from the cluster state.
So if you want to block user from having a monitor privilege just on _cluster/settings but have access to cluster state would not be possible.
To block user from accessing cluster state (including cluster/settings) you can create a custom role:

POST /_xpack/security/role/custom_role '{ "cluster": [ "cluster:monitor/task", "cluster:monitor/health", "cluster:monitor/nodes/*", "cluster:monitor/tasks/*", "cluster:monitor/main", "cluster:monitor/stats", "cluster:monitor/allocation/*", "cluster:monitor/remote/*" ] }'

Note it does not have privilege: cluster:monitor/state

Or you could use pre-built role monitoring_user

You will need to see what version of ES you are on and then decide on the privileges list.

Hope this is helpful.

Yogesh Gaikwad

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.