REST API for index restrictions

Search Guard 6.5.3

Elasticsearch 6.5.3

JVM 1.8

Ubuntu Linux 18.04.1

Are there REST APIs for assigning access controls to individual Elasticsearch indexes? For example, restricting access to a particular index to a specific SG user or SG group?

Looking at the documents, it appears that I could use the REST API to create roles that restrict access to specific indexes and then assign those roles to a user - is that correct?

thanks!

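Yes, the most common way is to:

  1. Create Search Guard roles that implement the access restrictions you want

     https://docs.search-guard.com/latest/roles-permissions

     https://docs.search-guard.com/latest/rest-api-roles

  2. Map users by their username or backend roles to the Search Guard roles defined in 1)

     https://docs.search-guard.com/latest/mapping-users-roles

     https://docs.search-guard.com/latest/rest-api-roles-mapping

As a side note, you can also skip the step of mapping users to SG roles, for example, if you want to use LDAP or AD group names directly:

https://docs.search-guard.com/latest/role-mapping-modes

But that is a special case and really only useful for the said LDAP/AD case.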

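The two steps from the answer above, sketched as an added example (not code from the thread or from the Search Guard project): it prepares the `PUT` calls to the roles and roles-mapping endpoints without sending them. The host, the role, index, user and backend-role names are constructed, and the request bodies assume the Search Guard 6.x layout (`indices` keyed by index pattern, then document type; `backendroles` in the mapping) and its default `READ` and `CLUSTER_COMPOSITE_OPS_RO` action groups.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://localhost:9200"  # assumed cluster address, not from the thread


def index_role(index_pattern, index_perms=("READ",),
               cluster_perms=("CLUSTER_COMPOSITE_OPS_RO",)):
    """Search Guard 6.x role body that grants index_perms on one index pattern."""
    if index_pattern.strip() in ("", "*", "_all"):
        raise ValueError("pattern would match every index; name the index explicitly")
    # 6.x layout: indices -> index pattern -> document type ("*" = any) -> permissions
    return {"cluster": list(cluster_perms),
            "indices": {index_pattern: {"*": list(index_perms)}}}


def role_mapping(users=(), backend_roles=()):
    """Roles-mapping body: who receives the role (usernames and/or backend roles)."""
    if not users and not backend_roles:
        raise ValueError("mapping names no user or backend role, so nobody gets the role")
    return {"users": list(users), "backendroles": list(backend_roles)}


def put_request(resource, name, body):
    """Prepare (but do not send) a PUT to /_searchguard/api/<resource>/<name>."""
    url = "%s/_searchguard/api/%s/%s" % (
        BASE_URL, resource, urllib.parse.quote(name, safe=""))
    return urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                  method="PUT",
                                  headers={"Content-Type": "application/json"})


def build_requests(role_name, index_pattern, users=(), backend_roles=()):
    """Step 1 (create the role) followed by step 2 (map users to it)."""
    return [put_request("roles", role_name, index_role(index_pattern)),
            put_request("rolesmapping", role_name,
                        role_mapping(users, backend_roles))]


if __name__ == "__main__":
    # Constructed sample names: role sg_logs_reader, index logs-2019, user alice.
    for req in build_requests("sg_logs_reader", "logs-2019",
                              users=["alice"], backend_roles=["analysts"]):
        print(req.get_method(), req.full_url)
        print(json.dumps(json.loads(req.data), indent=2))
        # To apply, pass req to urllib.request.urlopen() with an SSL context that
        # carries credentials allowed to use the REST API.
```
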

Does the community version support the REST API?


No, that is an enterprise feature.

Please see https://search-guard.com/product/ for a comparison matrix.


thanks a lot
