Role that would allow a user to create index in ES

zaeemmasood · May 31, 2021, 4:20pm

Hi,

I am looking for a role that would allow a user to create indices in ES.

Basically I want to avoid assigning "superuser" role.

Please guide on what role can I assign? My configuration for ELK7.6.2 stack looks like below:

 elasticsearch {
     hosts => [ "xx-xx-xxx:23045" ]
     user => "pwatcher"
     password => "xxxxxxxx"
     index => "abcd.pwatcher_events-%{+YYYY.MM.dd}"
     manage_template => true
     template_overwrite => true
     template => "/opt/tal/ptal/elasticsearch/app/logstash/config/pwatcher_template.json"
     template_name => "pwatcher"
  }

Wolfram_Haussig · May 31, 2021, 4:28pm

Hi,

Were you looking for something like this?

POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor", "manage_ilm"], 
  "indices": [
    {
      "names": [ "abcd.pwatcher_events-*" ], 
      "privileges": ["write","create","create_index","manage","manage_ilm"]  
    }
  ]
}

This will allow LogStash to write an index

Best regards
Wolfram

zaeemmasood · May 31, 2021, 5:28pm

Thanks. How about reading an index in ES?

is there a read_index privilege too?

Wolfram_Haussig · May 31, 2021, 5:30pm

Yes, the privilege is called read (see here for details

zaeemmasood · May 31, 2021, 9:05pm

Thanks

system · June 28, 2021, 9:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash and auto-index creation with ECK Elastic Cloud on Kubernetes (ECK) elastic-stack-security	1	476	May 29, 2024
Roles required to create logs Elasticsearch	6	2682	January 18, 2020
Can't get logstash user to authenticate to ES Elasticsearch elastic-stack-security	5	2516	July 6, 2017
Elasticsearch put role API Elasticsearch	2	353	August 19, 2020
Permission to give permission to Indices Elasticsearch elastic-stack-security	5	2129	February 26, 2021

Role that would allow a user to create index in ES

Related topics