Security privileges
editSecurity privileges
editThis section lists the privileges that you can assign to a role.
Cluster privileges
edit
|
All cluster administration operations, like snapshotting, node shutdown/restart, settings update, rerouting, or managing users and roles. |
|
Privileges to cancel tasks and delete async searches. See delete async search API for more informations. |
|
Privileges to create snapshots for existing repositories. Can also list and view details on existing repositories and snapshots. This privilege is not available in Elastic Cloud Serverless. |
|
Privileges to connect to remote clusters configured with the API key based model for cross-cluster replication. This privilege is not available in Elastic Cloud Serverless. This privilege should not be directly granted. It is used internally by Create Cross-Cluster API key and Update Cross-Cluster API key to manage cross-cluster API keys. |
|
Privileges to connect to remote clusters configured with the API key based model for cross-cluster search. This privilege is not available in Elastic Cloud Serverless. This privilege should not be directly granted. It is used internally by Create Cross-Cluster API key and Update Cross-Cluster API key to manage cross-cluster API keys. |
|
Privileges to create Elasticsearch API keys on behalf of other users. This privilege is not available in Elastic Cloud Serverless. |
|
Builds on |
|
All security-related operations on Elasticsearch REST API keys including creating new API keys, retrieving information about API keys, querying API keys, updating API key, bulk updating API keys, and invalidating API keys.
|
|
All operations related to managing autoscaling policies. This privilege is not available in Elastic Cloud Serverless. |
|
All cross-cluster replication operations related to managing follower indices and auto-follow patterns. It also includes the authority to grant the privileges necessary to manage follower indices and auto-follow patterns. This privilege is necessary only on clusters that contain follower indices. This privilege is not available in Elastic Cloud Serverless. |
|
All operations related to managing transforms.
[7.5]
Deprecated in 7.5.
Use This privilege is not available in Elastic Cloud Serverless. |
|
This privilege has no effect. [8.16] Deprecated in 8.16. |
|
All operations related to managing and executing enrich policies. |
|
All index lifecycle management operations related to managing policies. This privilege is not available in Elastic Cloud Serverless. |
|
All operations on index templates. |
|
All operations related to managing inference. |
|
All operations on ingest pipelines. |
|
All operations on logstash pipelines. |
|
All machine learning operations, such as creating and deleting datafeeds, jobs, and model snapshots. Datafeeds that were created prior to version 6.2 or created when security features were disabled run as a system user with elevated privileges, including permission to read all indices. Newer datafeeds run with the security roles of the user who created or updated them. |
|
Enables the use of Elasticsearch APIs (OpenID connect prepare authentication, OpenID connect authenticate, and OpenID connect logout) to initiate and manage OpenID Connect authentication on behalf of other users. This privilege is not available in Elastic Cloud Serverless. |
|
All security-related operations on Elasticsearch API keys that are owned by the current authenticated user. The operations include creating new API keys, retrieving information about API keys, querying API keys, updating API key, bulk updating API keys, and invalidating API keys. |
|
All operations on ingest pipelines. |
|
All rollup operations, including creating, starting, stopping and deleting rollup jobs. This privilege is not available in Elastic Cloud Serverless. |
|
Enables the use of internal Elasticsearch APIs to initiate and manage SAML authentication on behalf of other users. This privilege is not available in Elastic Cloud Serverless. |
|
All CRUD operations on search applications. |
|
All CRUD operations on query rules. |
|
All synonyms management operations on Synonyms APIs. |
|
All security-related operations such as CRUD operations on users and roles and cache clearing. |
|
All security-related operations on Elasticsearch service accounts including Get service accounts, Create service account tokens, Delete service account token, and Get service account credentials. This privilege is not available in Elastic Cloud Serverless. |
|
All snapshot lifecycle management (SLM) actions, including creating and updating policies and starting and stopping SLM. This privilege is not available in Elastic Cloud Serverless. [8.15] Deprecated in 8.15. Also grants the permission to start and stop index lifecycle management, using the ILM start and ILM stop APIs. In a future major release, this privilege will not grant any index lifecycle management permissions. |
|
All security-related operations on tokens that are generated by the Elasticsearch Token Service. This privilege is not available in Elastic Cloud Serverless. |
|
All operations related to managing transforms. |
|
All watcher operations, such as putting watches, executing, activate or acknowledging. This privilege is not available in Elastic Cloud Serverless. Watches that were created prior to version 6.1 or created when the security features were disabled run as a system user with elevated privileges, including permission to read and write all indices. Newer watches run with the security roles of the user who created or updated them. |
|
All cluster read-only operations, like cluster health and state, hot threads, node info, node and cluster stats, and pending cluster tasks. |
|
This privilege has no effect. [8.16] Deprecated in 8.16. |
|
All read-only operations related to managing and executing enrich policies. |
|
All read-only operations related to inference. |
|
All read-only machine learning operations, such as getting information about datafeeds, jobs, model snapshots, or results. |
|
All read-only rollup operations, such as viewing the list of historical and currently running rollup jobs and their capabilities. This privilege is not available in Elastic Cloud Serverless. |
|
Privileges to list and view details on existing repositories and snapshots. This privilege is not available in Elastic Cloud Serverless. |
|
All read-only operations related to the find structure API. This privilege is not available in Elastic Cloud Serverless. |
|
All read-only operations related to transforms. |
|
All read-only watcher operations, such as getting a watch and watcher stats. This privilege is not available in Elastic Cloud Serverless. |
|
All read-only cross-cluster replication operations, such as getting information about indices and metadata for leader indices in the cluster. It also includes the authority to check whether users have the appropriate privileges to follow leader indices. This privilege is necessary only on clusters that contain leader indices. This privilege is not available in Elastic Cloud Serverless. |
|
All read-only index lifecycle management operations, such as getting policies and checking the status of index lifecycle management This privilege is not available in Elastic Cloud Serverless. |
|
Read-only access to ingest pipeline (get, simulate). |
|
All read-only SLM actions, such as getting policies and checking the SLM status. This privilege is not available in Elastic Cloud Serverless. [8.15] Deprecated in 8.15. Also grants the permission to get the index lifecycle management status, using the ILM get status API. In a future major release, this privilege will not grant any index lifecycle management permissions. |
|
All read-only security-related operations, such as getting users, user profiles, Elasticsearch API keys, Elasticsearch service accounts, roles and role mappings. Allows querying and retrieving information on all Elasticsearch API keys. |
|
All privileges necessary for a transport client to connect. Required by the remote cluster to enable cross-cluster search. This privilege is not available in Elastic Cloud Serverless. |
Indices privileges
edit
|
Any action on an index or data stream. |
|
Permits auto-creation of indices and data streams. An auto-create action is the result of an index or bulk request that targets a non-existent index or data stream rather than an explicit create index or create data stream request. Also permits auto-update of mappings on indices and data streams if they do not contradict existing mappings. An auto-update mapping action is the result of an index or bulk request on an index or data stream that contains new fields that may be mapped rather than an explicit update mapping request. |
|
Privilege to index documents. [8.0] Deprecated in 8.0. Also grants the permission to update the index mapping (but not the data streams mapping), using the updating mapping API or by relying on dynamic field mapping. In a future major release, this privilege will not grant any mapping update permissions. This privilege does not restrict the index operation to the creation
of documents but instead restricts API use to the index API. The index API
allows a user to overwrite a previously indexed document. See the |
|
Privilege to index documents. It does not grant the permission to update or overwrite existing documents. [8.0] Deprecated in 8.0. Also grants the permission to update the index mapping (but not the data streams mapping), using the updating mapping API or by relying on dynamic field mapping. In a future major release, this privilege will not grant any mapping update permissions. This privilege relies on the
|
|
Privilege to create an index or data stream. A create index request may contain
aliases to be added to the index once created. In that case the request
requires the |
|
Privileges to perform cross-cluster replication for indices located on
remote clusters configured with the API key based model.
This privilege should only be used for
the This privilege is not available in Elastic Cloud Serverless. |
|
Privileges to perform supporting actions for cross-cluster replication from remote clusters configured with the API key based model. This privilege is not available in Elastic Cloud Serverless. This privilege should not be directly granted. It is used internally by Create Cross-Cluster API key and Update Cross-Cluster API key to manage cross-cluster API keys. |
|
Privilege to delete documents. |
|
Privilege to delete an index or data stream. |
|
Privilege to index and update documents. [8.0] Deprecated in 8.0. Also grants the permission to update the index mapping (but not the data streams mapping), using the updating mapping API or by relying on dynamic field mapping. In a future major release, this privilege will not grant any mapping update permissions. |
|
Permits refresh, flush, synced flush and force merge index administration operations. No privilege to read or write index data or otherwise manage the index. |
|
All |
|
All Data stream lifecycle operations relating to reading and managing the built-in lifecycle of a data stream. This includes operations such as adding and removing a lifecycle from a data stream. |
|
All actions that are required to manage the lifecycle of a follower index, which includes creating a follower index, closing it, and converting it to a regular index. This privilege is necessary only on clusters that contain follower indices. This privilege is not available in Elastic Cloud Serverless. |
|
All index lifecycle management operations relating to managing the execution of policies of an index or data stream. This includes operations such as retrying policies and removing a policy from an index or data stream. This privilege is not available in Elastic Cloud Serverless. |
|
All actions that are required to manage the lifecycle of a leader index, which includes forgetting a follower. This privilege is necessary only on clusters that contain leader indices. This privilege is not available in Elastic Cloud Serverless. |
|
All actions that are required for monitoring (recovery, segments info, index stats and status). |
|
Read-only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi percolate/search/termvector, percolate, scroll, clear_scroll, search, suggest, tv). |
|
Read-only access to the search action from a remote cluster. This privilege is not available in Elastic Cloud Serverless. |
|
Read-only access to index and data stream metadata (aliases, exists, field capabilities, field mappings, get index, get data stream, ilm explain, mappings, search shards, settings, validate query). This privilege is available for use primarily by Kibana users. |
|
Privilege to perform all write operations to documents, which includes the permission to index, update, and delete documents as well as performing bulk operations, while also allowing to dynamically update the index mapping. [8.0] Deprecated in 8.0. It also grants the permission to update the index mapping (but not the data streams mapping), using the updating mapping API. This will be retracted in a future major release. |
Run as privilege
editThe run_as
permission enables an authenticated user to submit requests on
behalf of another user. The value can be a user name or a comma-separated list
of user names. (You can also specify users as an array of strings or a YAML
sequence.) For more information, see
Submitting requests on behalf of other users.
This privilege is not available in Elastic Cloud Serverless.
Application privileges
editApplication privileges are managed within Elasticsearch and can be retrieved with the has privileges API and the get application privileges API. They do not, however, grant access to any actions or resources within Elasticsearch. Their purpose is to enable applications to represent and store their own privilege models within Elasticsearch roles.
To create application privileges, use the add application privileges API. You can then associate these application privileges with roles, as described in Defining roles.