Security roles

sentient · March 4, 2020, 5:03am

what is the minimal security role permission a user would need to access the
_cluster/health api

when I just look at the documentation https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-roles.html
I find it difficult to digest what is, and what is not exactly covered.

My initial thought was 'monitoring_user' but that did not work.

Using 'superuser' worked, but that seems a bit too much.

Is there some better documentation on the permissions? If it is not in a standard role, what would I have to grant access on a custom role to achieve this

Thanks

Wolfram_Haussig · March 4, 2020, 6:53am

Hi,

I guess you were looking for the privilege monitor:

All cluster read-only operations, like cluster health and state, hot threads, node info, node and cluster stats, and pending cluster tasks.

So you would have to create a new role which has the cluster privilege of monitor.

More details here: Security privileges | Elasticsearch Guide [7.6] | Elastic

Best regards
Wolfram

sentient · March 4, 2020, 3:48pm

Thanks!

system · April 1, 2020, 3:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Restrict user access to cluster/health Elasticsearch	2	504	March 24, 2017
Role privileges issue in elasticserach Elasticsearch elastic-stack-security	2	553	April 17, 2019
Anonymous user to access /_cluster/health? Elasticsearch	3	2360	October 26, 2018
[7.15.1] Allow GET _security/user avoiding permission bloat Elasticsearch elastic-stack-security	3	461	January 4, 2022
Right role to access https://$ES_HOST/_stats Elasticsearch	2	370	July 8, 2020

Security roles

Related topics