Role that would allow a user to create index in ES

zaeemmasood · May 31, 2021, 4:20pm

Hi,

I am looking for a role that would allow a user to create indices in ES.

Basically I want to avoid assigning "superuser" role.

Please guide on what role can I assign? My configuration for ELK7.6.2 stack looks like below:

 elasticsearch {
     hosts => [ "xx-xx-xxx:23045" ]
     user => "pwatcher"
     password => "xxxxxxxx"
     index => "abcd.pwatcher_events-%{+YYYY.MM.dd}"
     manage_template => true
     template_overwrite => true
     template => "/opt/tal/ptal/elasticsearch/app/logstash/config/pwatcher_template.json"
     template_name => "pwatcher"
  }

Wolfram_Haussig · May 31, 2021, 4:28pm

Hi,

Were you looking for something like this?

POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor", "manage_ilm"], 
  "indices": [
    {
      "names": [ "abcd.pwatcher_events-*" ], 
      "privileges": ["write","create","create_index","manage","manage_ilm"]  
    }
  ]
}

This will allow LogStash to write an index

Best regards
Wolfram

zaeemmasood · May 31, 2021, 5:28pm

Thanks. How about reading an index in ES?

is there a read_index privilege too?

Wolfram_Haussig · May 31, 2021, 5:30pm

Yes, the privilege is called read (see here for details

zaeemmasood · May 31, 2021, 9:05pm

Thanks

Topic		Replies	Views
Roles required to create logs Elasticsearch	6	3041	January 18, 2020
Elastic privilege to create index Elasticsearch elastic-stack-security	2	423	April 15, 2020
A user who can create, delete their indexes but restricted to deleting others' Elasticsearch	4	230	February 19, 2024
Elasticsearch put role API Elasticsearch	2	391	August 19, 2020
Can logstash_admin built-in role make indices? Logstash	1	194	November 2, 2022

Role that would allow a user to create index in ES

Related topics