Hi Everyone,
I am trying to set up basic elastic administration using SG following Demo users and role | Security for Elasticsearch | Search Guard docs. However, I am unable to produce the desired effect. The whole setup is run in docker containers with mounted config files.
I have users:
- admin: should have all rights
- logstash: should be able to write and create indices
- curator: should be able to delete old indices
- OPS: should be able to RW, but only on index ‘docker-*’
- ACC: should be able to RO, but only on index ‘invoices-*’
But despite all my efforts, I can’t get the settings to work as intended (e.g. the ACC user can see ‘docker*’ indices). Could you please help and tell me what I am doing wrong?
I tried this:
sg_internal_users.yml

```yaml
admin:
  hash: '$2y$12$gNVSJeeCHOIKIvxYGKygrO1EF9hoqGaJT4ZFd/LaayNXsWpmgLdGO' #test
  backend_roles:
    - admin
OPS:
  hash: '$2y$12$gNVSJeeCHOIKIvxYGKygrO1EF9hoqGaJT4ZFd/LaayNXsWpmgLdGO' #test
  backend_roles:
    - kibana_user_OPS
ACC:
  hash: '$2y$12$gNVSJeeCHOIKIvxYGKygrO1EF9hoqGaJT4ZFd/LaayNXsWpmgLdGO' #test
  backend_roles:
    - kibana_user_ACC
```
sg_roles_mapping.yml

```yaml
_sg_meta:
  type: "rolesmapping"
  config_version: 2
kibana_user_OPS:
  backend_roles:
    - "read_only_OPS"
  hosts:
    - "*"
kibana_user_ACC:
  backend_roles:
    - "read_only_ACC"
  hosts:
    - "*"
admin:
  backend_roles:
    - "admin"
  hosts:
    - "*"
```
sg_roles.yml

```yaml
_sg_meta:
  type: "roles"
  config_version: 2
read_only:
  cluster_permissions: []
  index_permissions:
    - index_patterns:
        - "*"
      allowed_actions:
        - "READ"
read_only_ACC:
  cluster_permissions: []
  index_permissions:
    - index_patterns:
        - "invoices*"
      allowed_actions:
        - "READ"
read_only_OPS:
  cluster_permissions: []
  index_permissions:
    - index_patterns:
        - "docker*"
      allowed_actions:
        - "READ"
admin:
  cluster_permissions:
    - "ALL"
  index_permissions:
    - index_patterns:
        - "*"
      allowed_actions:
        - "ALL"
```
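An added example, not part of the post above: a small Python resolver that walks the three files as posted and reports which Search Guard roles and readable index patterns each user ends up with. It assumes config_version 2 semantics in which each sg_roles_mapping.yml key is a role name from sg_roles.yml and its backend_roles lists the backend roles (from sg_internal_users.yml) that receive it; the MAPPING_KEYED_BY_ROLE variant is constructed here to run the same check against a mapping written that way.

```python
from fnmatch import fnmatch
# The three files from the post, transcribed as Python structures (indentation restored).
INTERNAL_USERS = {
    "admin": {"backend_roles": ["admin"]},
    "OPS": {"backend_roles": ["kibana_user_OPS"]},
    "ACC": {"backend_roles": ["kibana_user_ACC"]},
}
# sg_roles_mapping.yml as posted: key = Search Guard role, backend_roles = who receives it
ROLES_MAPPING = {
    "kibana_user_OPS": {"backend_roles": ["read_only_OPS"]},
    "kibana_user_ACC": {"backend_roles": ["read_only_ACC"]},
    "admin": {"backend_roles": ["admin"]},
}
# sg_roles.yml: Search Guard role -> [(index pattern, allowed actions)]
ROLES = {
    "read_only": [("*", ["READ"])],
    "read_only_ACC": [("invoices*", ["READ"])],
    "read_only_OPS": [("docker*", ["READ"])],
    "admin": [("*", ["ALL"])],
}
# Constructed alternative (assumption, not from the post): mapping keys are the
# sg_roles.yml role names and backend_roles are the users' backend roles.
MAPPING_KEYED_BY_ROLE = {
    "read_only_OPS": {"backend_roles": ["kibana_user_OPS"]},
    "read_only_ACC": {"backend_roles": ["kibana_user_ACC"]},
    "admin": {"backend_roles": ["admin"]},
}

def sg_roles_for(user, mapping=ROLES_MAPPING):
    """Search Guard roles a user receives: a mapping entry applies when one of the
    user's backend roles appears in that entry's backend_roles (hosts '*' ignored)."""
    backend = set(INTERNAL_USERS[user]["backend_roles"])
    return {role for role, m in mapping.items()
            if backend & set(m.get("backend_roles", []))}

def can_read(user, index, mapping=ROLES_MAPPING):
    """True if a resolved role grants READ or ALL on a pattern matching the index."""
    return any(fnmatch(index, pattern) and {"READ", "ALL"} & set(actions)
               for role in sg_roles_for(user, mapping)
               for pattern, actions in ROLES.get(role, []))

def unresolved_mapping_keys(mapping=ROLES_MAPPING):
    """Mapping keys that name no role in sg_roles.yml: such entries grant nothing."""
    return sorted(set(mapping) - set(ROLES))

if __name__ == "__main__":
    for user in INTERNAL_USERS:
        print(user, sorted(sg_roles_for(user)), "docker-*:", can_read(user, "docker-2021"),
              "invoices-*:", can_read(user, "invoices-2021"))
    print("mapping keys without a role definition:", unresolved_mapping_keys())
```

With the mapping as posted, OPS and ACC resolve to no role at all, and kibana_user_OPS and kibana_user_ACC are mapping keys that no role definition backs.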