Defining Users to a Group and mapping the group

I have an query regarding granting access to the users in groups. I am not sure whether it is available in current config or not. Is there a way to map the users to a group in Searchguard.

For an instance: I have users like joe, jhon, and adam who belongs to HR

Currently I give access by mapping the user to index “sg_roles_mapping.yml” like

sg_Hr_index:

users:

  • adam

  • Joe

_ Jhon

By any chance can we define like in sg_internal-users.yml :

Hr_group:

username1: jhon

hash: XXXXXXXX

username2 : adam

An in sg_roles_maping.yml

sg_hr_index:

users:

- Hr_group

Kindly let me know is it possible or not .

This is possible, but you need to do it the other way round.

In your intern_users.yml, you can assign backend roles to users as well. Have a look at the sample config file we ship with Search Guard:

spock:
hash: $2a$12$GI9JXffO3WUjTsU7Yy3E4.LBxC2ILo66Zg/rr79BpikSL2IIRezQa
roles:
- vulcan
- starfleet

``

Please have also a look at the documentation regarding internal users:

https://github.com/floragunncom/search-guard-docs/blob/master/internalusers.md

So, you need in the sg_internal_users.yml something like:

joe:
hash: …
roles:
- hr

adam:
hash: …
roles:
- hr

``

And then in sg_roles_mapping.yml you would map the backend role “hr” to the Search Guard role like:

sg_hr_index:
backendroles:
- hr

``

···

On Wednesday, May 10, 2017 at 5:13:30 PM UTC+2, Yasvanth Babu wrote:

I have an query regarding granting access to the users in groups. I am not sure whether it is available in current config or not. Is there a way to map the users to a group in Searchguard.

For an instance: I have users like joe, jhon, and adam who belongs to HR

Currently I give access by mapping the user to index “sg_roles_mapping.yml” like

sg_Hr_index:

users:

  • adam

  • Joe

_ Jhon

By any chance can we define like in sg_internal-users.yml :

Hr_group:

username1: jhon

hash: XXXXXXXX

username2 : adam

An in sg_roles_maping.yml

sg_hr_index:

users:

- Hr_group

Kindly let me know is it possible or not .

I never thought of doing in different way. Will give a try. Thanks a million

···

On Wednesday, May 10, 2017 at 4:22:35 PM UTC+1, Jochen Kressin wrote:

This is possible, but you need to do it the other way round.

In your intern_users.yml, you can assign backend roles to users as well. Have a look at the sample config file we ship with Search Guard:

spock:
hash: $2a$12$GI9JXffO3WUjTsU7Yy3E4.LBxC2ILo66Zg/rr79BpikSL2IIRezQa
roles:
- vulcan
- starfleet

``

Please have also a look at the documentation regarding internal users:

https://github.com/floragunncom/search-guard-docs/blob/master/internalusers.md

So, you need in the sg_internal_users.yml something like:

joe:
hash: …
roles:
- hr

adam:
hash: …
roles:
- hr

``

And then in sg_roles_mapping.yml you would map the backend role “hr” to the Search Guard role like:

sg_hr_index:
backendroles:
- hr

``

On Wednesday, May 10, 2017 at 5:13:30 PM UTC+2, Yasvanth Babu wrote:

I have an query regarding granting access to the users in groups. I am not sure whether it is available in current config or not. Is there a way to map the users to a group in Searchguard.

For an instance: I have users like joe, jhon, and adam who belongs to HR

Currently I give access by mapping the user to index “sg_roles_mapping.yml” like

sg_Hr_index:

users:

  • adam

  • Joe

_ Jhon

By any chance can we define like in sg_internal-users.yml :

Hr_group:

username1: jhon

hash: XXXXXXXX

username2 : adam

An in sg_roles_maping.yml

sg_hr_index:

users:

- Hr_group

Kindly let me know is it possible or not .