Role that would allow a user to create index in ES

Hi,

I am looking for a role that would allow a user to create indices in ES.

Basically I want to avoid assigning "superuser" role.

Please guide on what role can I assign? My configuration for ELK7.6.2 stack looks like below:

 elasticsearch {
     hosts => [ "xx-xx-xxx:23045" ]
     user => "pwatcher"
     password => "xxxxxxxx"
     index => "abcd.pwatcher_events-%{+YYYY.MM.dd}"
     manage_template => true
     template_overwrite => true
     template => "/opt/tal/ptal/elasticsearch/app/logstash/config/pwatcher_template.json"
     template_name => "pwatcher"
  }

Hi,

Were you looking for something like this?

POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor", "manage_ilm"], 
  "indices": [
    {
      "names": [ "abcd.pwatcher_events-*" ], 
      "privileges": ["write","create","create_index","manage","manage_ilm"]  
    }
  ]
}

This will allow LogStash to write an index

Best regards
Wolfram

1 Like

Thanks. How about reading an index in ES?

is there a read_index privilege too?

Yes, the privilege is called read (see here for details

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.