sg_all_access: cluster: - '*' indices: '*': '*': - '*' sg_readonly_and_monitor: cluster: - CLUSTER_MONITOR - CLUSTER_COMPOSITE_OPS_RO indices: '*': '*': - ALL sg_readall: cluster: - CLUSTER_COMPOSITE_OPS_RO indices: '*': '*': - READ sg_readonly_dlsfls: cluster: - CLUSTER_COMPOSITE_OPS_RO indices: '/\S*/': '*': - READ _dls_: '{"term" : {"_type" : "legends"}}' _fls_: - 'aaa' - 'bbb' sg_transport_client: cluster: - cluster:monitor/nodes/liveness - cluster:monitor/state sg_kibana: cluster: - CLUSTER_COMPOSITE_OPS_RO indices: '*': '*': - READ - indices:admin/mappings/fields/get* '?kibana': '*': - ALL sg_kibana_testindex: cluster: - CLUSTER_COMPOSITE_OPS_RO indices: 'test*': '*': - READ - indices:admin/mappings/fields/get* '?kibana': '*': - ALL sg_kibana_server: cluster: - CLUSTER_MONITOR - CLUSTER_COMPOSITE_OPS indices: '?kibana': '*': - ALL - indices:admin/get 'watch*': '*': - READ - WRITE - MANAGE - CREATE_INDEX - INDEX - DELETE - indices:data/read/search - indices:admin/get #TODO: Lock this down. sg_logstash: cluster: - '*' indices: '*': '*': - '*' # skedler permissions. more info here: # http://support.skedler.com/support/solutions/articles/8000045778-step-by-step-shield-configuration-guide sg_role_skedler: cluster: - CLUSTER_ALL indices: '*': - indices:admin/mappings/fields/get - indices:admin/validate/query - indices:data/read/search - indices:data/read/msearch - indices:admin/get '.kibana': - indices:admin/exists - indices:admin/mapping/put - indices:admin/mappings/fields/get - indices:admin/refresh - indices:admin/validate/query - indices:data/read/get - indices:data/read/mget - indices:data/read/search - indices:data/write/delete - indices:data/write/index - indices:data/write/update - indices:admin/create '.skedler': - indices:admin/exists - indices:admin/mapping/put - indices:admin/mappings/fields/get - indices:admin/refresh - indices:admin/validate/query - indices:data/read/get - indices:data/read/mget - indices:data/read/search - indices:data/read/count - indices:data/write/delete - indices:data/write/index - indices:data/write/update - indices:admin/create # Allows each user to access own named index sg_own_index: cluster: - CLUSTER_COMPOSITE_OPS indices: '${user_name}': '*': - ALL 'watch*': '*': - READ - WRITE - MANAGE - CREATE_INDEX - INDEX - DELETE - indices:data/read/search - indices:admin/get '?kibana*': '*': - indices:data/read/search* - indices:admin/get sg_public: cluster: - cluster:monitor/main - CLUSTER_COMPOSITE_OPS_RO indices: 'watch*': '*': - READ - WRITE - MANAGE - CREATE_INDEX - INDEX - DELETE - indices:data/read/search - indices:admin/get '?kibana*': '*': - indices:data/read/search* - indices:admin/get sg_sentinl: cluster: - indices:data/read/scroll - indices:admin/template/put - CLUSTER_MONITOR - CLUSTER_COMPOSITE_OPS indices: indices: '?kibana*': '*': - MANAGE - DATA_ACCESS - DELETE - INDEX - SEARCH - READ - indices:admin/get - indices:data/read/search 'watch*': '*': - MANAGE - DATA_ACCESS - DELETE - CREATE_INDEX - INDEX - SEARCH - indices:admin/get '*': '*': - indices:monitor/stats - indices:admin/mappings/get - READ - SEARCH - indices:admin/get