Shield Privileges

edit

Shield Privileges

edit

This section lists the privileges that you can assign to a role.

Cluster Privileges

edit

all

All cluster operations, like snapshotting, node shutdown/restart, settings update, rerouting, or managing security

monitor

All cluster read-only operations, like cluster health & state, hot threads, node info, node & cluster stats, snapshot/restore status, pending cluster tasks

manage

Builds on monitor and adds cluster operations that change values in the cluster. This includes snapshotting, updating settings, and rerouting. This privilege does not include the ability to manage security.

manage_security

All security related operations such as CRUD operations on users and roles and cache clearing

manage_index_templates

All operations on index templates

transport_client

All privileges necessary for a transport client to connect

Indices Privileges

edit

all

Any action on an index

manage

All monitor privileges plus index administration (aliases, analyze, cache clear, close, delete, exists, flush, mapping, open, force merge, refresh, settings, search shards, templates, validate, warmers)

monitor

All actions, that are required for monitoring and read-only (recovery, segments info, index stats & status)

view_index_metadata

Grants read-only access to information about an index (aliases, aliases exists, get index, exists, field mappings, mappings, search shards, type exists, validate, warmers, settings)

read

Read only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi percolate/search/termvector, percolate, scroll, clear_scroll, search, suggest, tv)

index

Privilege to index and update documents

create

Privilege to index documents

delete

Privilege to delete documents

write

Privilege to perform all write operations on documents, including the ability to index, update, and delete documents as well as perform bulk operations. If write is granted on the .scripts index, it includes the ability to put and delete indexed scripts.

delete_index

Privilege to delete an index

create_index

Privilege to create an index. A create index request may contain aliases to be added to the index once created. In that case the request requires the manage privilege as well, on both the index and the aliases names.

Run As Privilege

edit

The run_as privilege enables an authenticated user to submit requests on behalf of another user. The value can be a user name or a comma-separated list of user names. (You can also specify users as an array of strings or a YAML sequence.) For more information, see Submitting Requests on Behalf of Other Users.