I’m trying to migrate a cluster from Elasticsearch 6 to 7 and am going through our custom roles and changing the action groups they use per Upgrading from 6.x to 7.x | Security for Elasticsearch | Search Guard

We have some roles which use an action group called INDEX. E.g.

    - indices:data/read/scroll
    - indices:data/read/scroll/clear
        - READ
        - indices:monitor/settings/get
        - indices:admin/get
        - MANAGE
        - INDEX
        - READ
        - DELETE

INDEX is an action group which is defined by default in Search Guard 6. I double-checked it wasn’t something I or my colleagues had made by unzipping and looking at sg_action_groups.yml and it is there:

    mike@foo:tmp>unzip -q
    mike@foo:tmp>grep -A7 ^INDEX: sgconfig/sg_action_groups.yml
      readonly: true
        - "indices:data/write/index*"
        - "indices:data/write/update*"
        - "indices:admin/mapping/put"
        - "indices:data/write/bulk*"


But I cannot see INDEX mentioned at Upgrading from 6.x to 7.x | Security for Elasticsearch | Search Guard
Nor can I see it mentioned at Action Groups | Elasticsearch Security | Search Guard

Am I failing to see it or is it really not mentioned? And if it’s really not mentioned, then what do I do about this action group which is defined but undocumented?

There appears to be an SGS_INDEX action group defined in Search Guard now.

So is that what I should use instead of INDEX? I still can’t find any reference to INDEX or SGS_INDEX in the documentation.

@mikew You’re correct. SG_INDEX is the same as INDEX, and neither is documented in any version of the SG documentation.
It will be reported to the dev team.
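
A migration check for the situation in this thread, as an added example (not part of any post, and not Search Guard code): it lists the action group names a role references that the target sg_action_groups.yml does not define, and offers an SGS_-prefixed name when one is defined. The sample inputs are constructed, and treating the SGS_ prefix as the rename is an assumption generalized from INDEX/SGS_INDEX above, so compare each candidate's allowed actions before switching a role to it.

```python
import re

# Constructed sample: the permission entries of the 6.x role quoted in the question.
ROLE_6X = """\
- indices:data/read/scroll
- indices:data/read/scroll/clear
- READ
- indices:monitor/settings/get
- indices:admin/get
- MANAGE
- INDEX
- READ
- DELETE
"""

# Constructed excerpt of a target sg_action_groups.yml (layout assumed, not the shipped file).
GROUPS_7X = """\
SGS_READ:
  allowed_actions:
    - "indices:data/read*"
SGS_INDEX:
  allowed_actions:
    - "indices:data/write/index*"
    - "indices:admin/mapping/put"
SGS_DELETE:
  allowed_actions:
    - "indices:data/write/delete*"
"""

def defined_groups(groups_yaml):
    """Top-level keys, i.e. the lines a `grep ^NAME:` would match."""
    return set(re.findall(r'^([A-Za-z_]\w*):', groups_yaml, flags=re.M))

def referenced_groups(role_yaml):
    """List entries without ':' are group references; the rest are action patterns."""
    entries = re.findall(r'^\s*-\s*"?([^"\s#]+)"?\s*$', role_yaml, flags=re.M)
    return list(dict.fromkeys(e for e in entries if ":" not in e))

def audit(role_yaml, groups_yaml, prefix="SGS_"):
    """Map each undefined group reference to a defined prefixed candidate, or None."""
    known = defined_groups(groups_yaml)
    report = {}
    for name in referenced_groups(role_yaml):
        if name not in known:
            candidate = prefix + name
            report[name] = candidate if candidate in known else None
    return report
```

A `None` value means the role references a group with no same-named prefixed counterpart in the target file, so that permission needs a manual decision.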

