Handle delete_by_query using POST in SG

  • ES version: 5.6.8
  • Search Guard version: 5.5.6.8-19
  • Java: 1.8
  • OS: Ubuntu:14.04
  • No ELK stack
  • Only SG plugin and Cerebro plugin

I have a query. Let’s assume I have assigned a user to the group where WRITE (POST) is defined. If the user fires _delete_by_query using a POST request, then the user is able to delete the indices. Logically, the user should not be able to delete, but the user is using POST as the method, hence he satisfies the logic. We know ES doesn’t satisfy or follow REST semantics correctly.

Is there any way in SG where we can restrict or handle this kind of request? If this issue has already been addressed, then please redirect me to that link; otherwise, please advise us on this. It would be of great help if there is any ready-made example for the same.

Reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-delete-by-query.html

It would be of great learning to us.
Thanks!

Please be more specific about your use case.

In general, SG does not operate on the REST level directly, but on the parsed requests, which makes it independent of REST semantics.

For example, it's totally possible to have a user who is allowed normal delete but not delete by query, or a user who can write and read but not delete, etc.

On Friday, 4 May 2018 11:20:42 UTC+2, Sahil Sharma wrote:

  • ES version: 5.6.8
  • Search Guard version: 5.5.6.8-19
  • Java: 1.8
  • OS: Ubuntu:14.04
  • No ELK stack
  • Only SG plugin and Cerebro plugin

I have a query. Let’s assume I have assigned a user to the group where WRITE (POST) is defined. If the user fires _delete_by_query using a POST request, then the user is able to delete the indices. Logically, the user should not be able to delete, but the user is using POST as the method, hence he satisfies the logic. We know ES doesn’t satisfy or follow REST semantics correctly.

Is there any way in SG where we can restrict or handle this kind of request? If this issue has already been addressed, then please redirect me to that link; otherwise, please advise us on this. It would be of great help if there is any ready-made example for the same.

Reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-delete-by-query.html

It would be of great learning to us.
Thanks!
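
Added example, not part of the thread and not Search Guard's own code: a simplified model of the point made in the reply, that permissions are matched against the parsed Elasticsearch action name rather than the HTTP method. The action names are Elasticsearch's; the routing table, the role names and their pattern lists are constructed assumptions for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed subset of REST routes mapped to Elasticsearch transport action
# names. The action names are real; the routing table is a simplification.
ROUTES = [
    ("POST", r"^/[^/_][^/]*/_delete_by_query$", "indices:data/write/delete/byquery"),
    ("POST", r"^/[^/_][^/]*/_search$", "indices:data/read/search"),
    ("POST", r"^/[^/_][^/]*/[^/_][^/]*$", "indices:data/write/index"),
    ("DELETE", r"^/[^/_][^/]*/[^/_][^/]*/[^/]+$", "indices:data/write/delete"),
]

# Hypothetical roles, each a list of action-name patterns (assumed for this
# example; check the action groups shipped with your own installation).
ROLES = {
    # Broad wildcard: every write action, including delete by query.
    "broad_writer": ["indices:data/read*", "indices:data/write*"],
    # Read and index documents, no delete of any kind.
    "index_only": ["indices:data/read*", "indices:data/write/index"],
    # Normal single-document delete, but not delete by query.
    "doc_deleter": ["indices:data/read*", "indices:data/write/delete"],
}


def resolve_action(method, path):
    """Return the action name a request is parsed into, or None if unknown."""
    for route_method, pattern, action in ROUTES:
        if route_method == method.upper() and re.match(pattern, path):
            return action
    return None


def is_allowed(role, method, path):
    """Decide on the parsed action name; the HTTP method plays no further part."""
    action = resolve_action(method, path)
    if action is None:
        return False  # unknown request: deny by default
    return any(fnmatchcase(action, pattern) for pattern in ROLES[role])


if __name__ == "__main__":
    requests = [("POST", "/logs/event"), ("POST", "/logs/_delete_by_query"),
                ("DELETE", "/logs/event/1")]
    for role in ROLES:
        for method, path in requests:
            verdict = "allow" if is_allowed(role, method, path) else "deny"
            print(f"{role:13} {method:6} {path:25} {verdict}")
```

All three sample requests that use POST resolve to different actions, so a role can accept one and reject another even though the method is the same.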