Thanks @ikakavas I just started there.
After creating a role through roles.yml and then using that role to configure anonymous user as the documentation says as below,
part of elasticsearch.yml
run_as: [ 'anonymous_user' ]
- names: [ '*' ]
privileges: [ 'read' ]
I tried to do a PUT operation to change the replication setting of the cluster without any username and password. I was kind of expecting it to fail as There weren't any cluster level permissions given for anonymous user. But it succeeded.
Does that mean my changes weren't applied? (may be because 'xpack.security.enabled: true' setting was not in elasticsearch.yml? )