You can definitely define roles in roles.yml file (file realm) or through the API (Native realm). You can map the roles via the role_mapping.yml. I am a bit unclear as what issues you are facing.
Are you saying you would like to manage file based roles via the UI?
I want to set up authorization and authentication using active dir I did some config but I am not able to use it properly when I go to localhost:9200 I do get prompt for user is and password and if I give wrong password it does not go further but when I give correct password I get 403. I need to setup user and there role using AD.
{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [90008322]"}],"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [90008322]"},"status":403}
when accessing local:9200
even though i added like this in my role mapping yml
Role mapping configuration file which has elasticsearch roles as keys
that map to one or more user or group distinguished names
#roleA: this is an elasticsearch role
- groupA-DN this is a group distinguished name
- groupB-DN
- user1-DN this is the full user distinguished name
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.