Security files
editSecurity files
editThe Elasticsearch security features use the following files:
-
ES_PATH_CONF/roles.yml
defines the roles in use on the cluster. See Defining roles. -
ES_PATH_CONF/elasticsearch-users
defines the users and their hashed passwords for thefile
realm. See File-based user authentication. -
ES_PATH_CONF/elasticsearch-users_roles
defines the user roles assignment for thefile
realm. See File-based user authentication. -
ES_PATH_CONF/role_mapping.yml
defines the role assignments for a Distinguished Name (DN) to a role. This allows for LDAP and Active Directory groups and users and PKI users to be mapped to roles. See Mapping users and groups to roles. -
ES_PATH_CONF/log4j2.properties
contains audit information. See Logfile audit output.
Several of these files are in the YAML format. When you edit these files, be aware that YAML is indentation-level sensitive and indentation errors can lead to configuration errors. Avoid the tab character to set indentation levels, or use an editor that automatically expands tabs to spaces.
Be careful to properly escape YAML constructs such as :
or leading exclamation
points within quoted strings. Using the |
or >
characters to define block
literals instead of escaping the problematic characters can help avoid problems.