What does READ action groups exactly?

READ action group is described as ‘Grants read permissions like get, mget or getting field mappings, but exludes search permissions’ in the page Using and defining action groups.

(BTW, there’s typo in the sentence: exludes -> excludes)

However, from my testing, a user who has READ is able to search documents.

Is this an expected behavior?

READ action group contains indices:data/read* permission.

Is that understanding correct?

Versions

Elasticserch version: 6.3.1

SeachGuard ES plugin version: 6-6.3.1-22.3

Kibana version: 6.3.1

SearchGuard Kibana plugin version: 6.3.1-14-beta-1

···

From my understanding, indices:data/read* includes indices/data/read/search*.

Yes, this is an error in the documentation. Thanks for pointing it out, we will correct it asap. Your understanding is correct here.

···

On Thursday, July 26, 2018 at 5:09:47 AM UTC+2, Tomoyuki Saito wrote:

READ action group is described as ‘Grants read permissions like get, mget or getting field mappings, but exludes search permissions’ in the page Using and defining action groups.

(BTW, there’s typo in the sentence: exludes -> excludes)

However, from my testing, a user who has READ is able to search documents.

Is this an expected behavior?

READ action group contains indices:data/read* permission.

From my understanding, indices:data/read* includes indices/data/read/search*.

Is that understanding correct?

Versions

Elasticserch version: 6.3.1

SeachGuard ES plugin version: 6-6.3.1-22.3

Kibana version: 6.3.1

SearchGuard Kibana plugin version: 6.3.1-14-beta-1