Shield Privileges
editShield Privileges
editThis section lists the privileges that you can assign to a role.
Cluster Privileges
edit
|
All cluster operations, like snapshotting, node shutdown/restart, settings update, rerouting, or managing security |
|
All cluster read-only operations, like cluster health & state, hot threads, node info, node & cluster stats, snapshot/restore status, pending cluster tasks |
|
Builds on |
|
All security related operations such as CRUD operations on users and roles and cache clearing |
|
All operations on index templates |
|
All privileges necessary for a transport client to connect |
Indices Privileges
edit
|
Any action on an index |
|
All |
|
All actions, that are required for monitoring and read-only (recovery, segments info, index stats & status) |
|
Grants read-only access to information about an index (aliases, aliases exists, get index, exists, field mappings, mappings, search shards, type exists, validate, warmers, settings) |
|
Read only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi percolate/search/termvector, percolate, scroll, clear_scroll, search, suggest, tv) |
|
Privilege to index and update documents |
|
Privilege to index documents |
|
Privilege to delete documents |
|
Privilege to perform all write operations on documents, including the ability to index, update, and delete documents as well as perform bulk operations. If |
|
Privilege to delete an index |
|
Privilege to create an index. A create index request may contain aliases to be added to the index once
created. In that case the request requires the |
Run As Privilege
editThe run_as
privilege enables an authenticated user to submit requests on behalf of another
user. The value can be a user name or a comma-separated list of user names. (You can also specify
users as an array of strings or a YAML sequence.) For more information,
see Submitting Requests on Behalf of Other Users.