If the Elasticsearch security features are enabled, you must have the monitor or managecluster privilege to use this API.
... but there is no link to what these "security features" are, either generally or specifically. I can find things like "Basic Security", etc. but not the "elastic security features" that this doc page refers to. What does "elastic security features" mean, specifically?
Its is everything under this section of the documents
Everything from simple basic authentication.... to a fully locked down cluster using SSL, SAML and field level security... All Elastic Stack resources can be / are control by a strong and flexible RBAC (Role Based Access Control) capability.
So any single one of those things being turned on/configured will constitute "Elasticsearch security features" as being enabled for the context of the referenced docs pages?
Once you enable Authorization (username / password) and Authorization (Role Based Control) that user will need the correct mentioned roles to use certain APIs.
Before you apply the security features your cluster and endpoints are basically unauthenticated and thus wide open... perhaps that is ok to test on your dev station but certainly not recommended for production etc.
We'd end up with tonnes of cross links if we did that every time, so while I can appreciate your confusion here, I am not sure doing that would be any better.
The point was that the API pages were vaguely referring to "Elasticsearch security features enabled", and that phrase/text does not specifically identify or match a specific page or section anywhere else in the rest of the documentation.
Besides, the web was designed for linking. Why is there any hesitation to using hyperlinks?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.