Understanding Action Groups and WildCards

Jeff_Cantrill · March 23, 2017, 1:16am

I’m trying to digest what the meaning is of wildcards in relation to action groups as described [1].
For context, I’m using the 2.4.4.10 release of SG and getting a “[security_exception] no permissions for indices:data/read/field_stats”.

Towards the end of the document is:

  SEARCH:
- "indices:data/read/search*"
- "indices:data/read/msearch*"
- SUGGEST
SUGGEST:
- "indices:data/read/suggest*"

In this case, the action group SEARCH includes the (wildcarded) search* and msearch* permissions

What exactly does that mean? The available action list is [2]. Does this mean if I define:

MYGROUP

“indexes:data/read*”

that ‘MYGROUP’ will allow all data read operations of [2]? What does it means for data/read/search*? Any action group that is prefixed with search?

[1] https://github.com/floragunncom/search-guard-docs/blob/master/configuration.md

[2] Reference | Shield Reference [2.1] | Elastic

Topic		Replies	Views
What does READ action groups exactly? Search Guard	1	396	July 26, 2018
INDEX action group Search Guard	3	510	May 20, 2022
Issues with deleting index with wildcards Search Guard	2	355	April 24, 2017
Is there permission or privileges list or docs? Search Guard	2	360	July 22, 2016
Permissions lists and descriptions Search Guard	0	378	September 20, 2018

Understanding Action Groups and WildCards

Related topics