Understanding Action Groups and WildCards

I’m trying to digest what the meaning is of wildcards in relation to action groups as described [1].
For context, I’m using the release of SG and getting a “[security_exception] no permissions for indices:data/read/field_stats”.

Towards the end of the document is:

- "indices:data/read/search*"
- "indices:data/read/msearch*"
- "indices:data/read/suggest*"

In this case, the action group SEARCH includes the (wildcarded) search* and msearch* permissions

What exactly does that mean? The available action list is [2]. Does this mean if I define:


  • “indexes:data/read*”

that ‘MYGROUP’ will allow all data read operations of [2]? What does it means for data/read/search*? Any action group that is prefixed with search?

[1] https://github.com/floragunncom/search-guard-docs/blob/master/configuration.md

[2] https://www.elastic.co/guide/en/shield/2.1/reference.html#ref-actions-list