in the ES guidelines, there does not have too much talks about what the "manage tokne" privilege can be used do. I want to know whether the manage token privilege can be used to update cluster settings, such as security, or some other stuff.
Hi @ChatLee - Thanks for reaching out. Based on your question, I'd suggest reaching out to the folks in elastic-stack-security . I'll re-tag your initial question so it shows up on their radar!
From Elastic Security to Elasticsearch
Added elastic-stack-security
sure, thanks for your hlep
The documentation says:
manage_token
All security-related operations on tokens that are generated by the Elasticsearch Token Service.
That means it gives access to the APIs listed in the Tokens section here
If you can give us a bit more info about the purpose of your question we can probably provide more useful help.
Are you trying to decide on the privileges you need for a role you're creating, or trying to understand what an existing role is permitted to do, or something else?
Hi, thanks for your info firstly, what i want to know is if it's safe to create an account with manage_token privilege for the customer users, the clusters are maintained by the central team. So that's the reason why i submitted this question: if the customer user has an account with manage_token privilege, can the user has the ability to modify configurations that are not related to token generation?
No. manage_token
only grants access to token APIs and those APIs cannot be used to change cluster configuration.
Got it, thanks a lot for your explanation
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.