I’ve used the sample config from the readme,
```yaml
#####################################################
# Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)
searchguard.authentication.authorization.settingsdb.roles.spock: ["kolinahr","starfleet","command"]
searchguard.authentication.authorization.settingsdb.roles.admin: ["root"]
searchguard.authentication.authorization.settingsdb.roles.michaeljackson: ["kingofpop","superstar"]
#####################################################
#############################################################################################
#Below here you configure what authenticated and authorized users are allowed to do (or not)#
#This maps to the acl defined in the searchguard configuration index #
#############################################################################################
# Configure the actionrequestfilter to allow or forbid action
searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "monitor"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:*", "indices:admin*"]
```
and I've added the user roles in the sample acl under the searchguard index:

```sh
curl -XPUT 'http://localhost:9200/searchguard/ac/ac?pretty' -d '
{"acl": [
  {
    "Comment": "Default is to execute all filters",
    "filters_bypass": [],
    "filters_execute": ["*"]
  },
  {
    "Comment": "Any authenticated user do anything on the public index - no filter will be executed",
    "indices": ["public"],
    "filters_bypass": ["*"],
    "filters_execute": []
  },
  {
    "Comment": "This means any user with the role starfleet or command can do anything with the starfleetinfos index",
    "roles": ["starfleet", "command"],
    "indices": ["starfleetinfos"],
    "filters_bypass": ["*"],
    "filters_execute": []
  },
  {
    "Comment": "This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything",
    "roles": [
      "root"
    ],
    "filters_bypass": ["*"],
    "filters_execute": []
  },
  {
    "Comment": "This means that the user michaeljackson can do anything on index popstuff.",
    "users": ["michaeljackson"],
    "indices": ["popstuff"],
    "filters_bypass": ["*"],
    "filters_execute": []
  },
  {
    "Comment": "This means that for the user spock on index popstuff only the actionrequestfilter.readonly will be executed, no other",
    "users": ["spock"],
    "indices": ["popstuff"],
    "filters_bypass": [],
    "filters_execute": ["actionrequestfilter.readonly"]
  }
]}'
```
I've also had to add

```yaml
searchguard.check_for_root: false
```

since I'm running on a Windows machine as an admin user. Now when I start up my nodes, it doesn't seem like there's any security in place - I can curl anything and update docs/indexes without any prompts for authentication, which is probably related to the fact that my elasticsearch.bat files keep reloading their status every second with

```
[com.floragunn.searchguard.service.SearchGuardConfigService] Security configuration reloaded
```
Does anyone know what the problem might be? Thanks!
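As an added check (my own example, not code from the original post or from the Search Guard project): a small linter for the ACL document above. It refuses an ACL that is not valid JSON, and it flags any rule whose `"filters_bypass"` contains `"*"` but that carries no `users`, `roles`, `indices` or `hosts` selector, because such a rule would switch off every filter for every requestor. The matching semantics it assumes (a `"*"` bypass disables all filters; a rule with no selector matches everyone) are taken from the comments in the posted ACL and are not verified against Search Guard's own matching code; the embedded `SAMPLE_ACL` is the post's ACL re-typed with straight quotes and the wildcard/empty lists that the forum rendering had swallowed.

```python
"""Lint a Search Guard 1.x-style ACL document for rules that switch off every filter.

Added example; not code from the original post or from the Search Guard project.
Assumptions, not verified against Search Guard's own matching code:
  - a rule whose "filters_bypass" contains "*" disables every filter for the
    requests it matches (as the post's comments describe);
  - a rule with no "users", "roles", "indices" or "hosts" key matches every request.
"""
import json

SELECTOR_KEYS = ("users", "roles", "indices", "hosts")
FILTER_KEYS = ("filters_bypass", "filters_execute")

# The ACL from the post, re-typed with straight quotes and the wildcard/empty
# lists that the forum rendering had swallowed (constructed sample input).
SAMPLE_ACL = """
{"acl": [
  {"Comment": "Default is to execute all filters",
   "filters_bypass": [], "filters_execute": ["*"]},
  {"Comment": "Any authenticated user may do anything on the public index",
   "indices": ["public"], "filters_bypass": ["*"], "filters_execute": []},
  {"Comment": "starfleet or command may do anything with starfleetinfos",
   "roles": ["starfleet", "command"], "indices": ["starfleetinfos"],
   "filters_bypass": ["*"], "filters_execute": []},
  {"Comment": "root may do anything",
   "roles": ["root"], "filters_bypass": ["*"], "filters_execute": []},
  {"Comment": "michaeljackson may do anything on popstuff",
   "users": ["michaeljackson"], "indices": ["popstuff"],
   "filters_bypass": ["*"], "filters_execute": []},
  {"Comment": "spock on popstuff gets only the readonly filter",
   "users": ["spock"], "indices": ["popstuff"],
   "filters_bypass": [], "filters_execute": ["actionrequestfilter.readonly"]}
]}
"""


def load_acl(text):
    """Parse the ACL JSON; raises ValueError on malformed input (JSON errors subclass it)."""
    doc = json.loads(text)
    rules = doc.get("acl") if isinstance(doc, dict) else None
    if not isinstance(rules, list):
        raise ValueError('ACL document must be an object with an "acl" list')
    return rules


def lint_rule(index, rule):
    """Return (severity, message) findings for a single rule."""
    findings = []
    for key in FILTER_KEYS:
        if not isinstance(rule.get(key), list):
            findings.append(("error", f"rule {index}: {key!r} missing or not a list"))
    bypass = rule.get("filters_bypass")
    if isinstance(bypass, list) and "*" in bypass:
        if not any(rule.get(k) for k in SELECTOR_KEYS):
            # Nothing restricts this rule, so every request skips every filter.
            findings.append(("error",
                             f"rule {index}: bypasses every filter for every requestor "
                             "(no users/roles/indices/hosts selector)"))
        elif not any(rule.get(k) for k in ("users", "roles", "hosts")):
            # Index-only selector: any authenticated user, like the "public" rule.
            findings.append(("info",
                             f"rule {index}: any authenticated user bypasses every filter "
                             f"on indices {rule.get('indices')}"))
    return findings


def lint_acl(text):
    """Lint a whole ACL document and return all findings in rule order."""
    findings = []
    for i, rule in enumerate(load_acl(text)):
        if not isinstance(rule, dict):
            findings.append(("error", f"rule {i}: not an object"))
            continue
        findings.extend(lint_rule(i, rule))
    return findings


def summarize(text):
    """Count findings per severity; usable as a quick pass/fail gate before the PUT."""
    counts = {"error": 0, "info": 0}
    for severity, _ in lint_acl(text):
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    for severity, message in lint_acl(SAMPLE_ACL):
        print(f"{severity.upper()}: {message}")
    print(summarize(SAMPLE_ACL))
```

Run it against the JSON you are about to PUT: a non-zero `error` count means the document either will not parse (as the comma-with-no-list variant the forum rendering produced would not) or contains a rule that bypasses everything for everyone. The posted ACL itself yields no errors and one informational finding for the `public` index rule.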