Operator privileges
editOperator privileges
editThis feature is designed for indirect use by Elasticsearch Service, Elastic Cloud Enterprise, and Elastic Cloud on Kubernetes. Direct use is not supported.
With a typical Elasticsearch deployment, people who administer the cluster also operate the cluster at the infrastructure level. User authorization based on role-based access control (RBAC) is effective and reliable for this environment. However, in more managed environments, such as Elasticsearch Service, there is a distinction between the operator of the cluster infrastructure and the administrator of the cluster.
Operator privileges limit some functionality to operator users only. Operator
users are just regular Elasticsearch users with access to specific
operator-only functionality. These
privileges are not available to cluster administrators, even if they log in as
a highly privileged user such as the elastic
user or another user with the
superuser
role. By limiting system access, operator privileges enhance the
Elasticsearch security model while safeguarding user capabilities.
Operator privileges are enabled on Elastic Cloud, which means that some infrastructure management functionality is restricted and cannot be accessed by your administrative users. This capability protects your cluster from unintended infrastructure changes.