- Shield Reference for 2.x and 1.x:
- Introduction
- Getting Started with Shield
- Installing Shield
- How Shield Works
- User Authentication
- How Authentication Works
- Enabling Anonymous Access [1.1.0] Added in 1.1.0.
- Native User Authentication
- LDAP User Authentication
- Active Directory User Authentication
- PKI User Authentication [1.3.0] Added in 1.3.0.
- File-based User Authentication
- Integrating with Other Authentication Systems
- Controlling the User Cache
- Migration tool for users and roles
- Role-based Access Control
- Auditing Security Events
- Securing Communications with Encryption and IP Filtering
- Configuring Clients and Integrations
- Managing Your License
- Example Shield Deployments
- Reference
- Limitations
- Troubleshooting
- Setting Up a Certificate Authority
- Release Notes
Granting Privileges for Index Aliases
editGranting Privileges for Index Aliases
editYou grant access to index aliases the same way you grant access to particular indexes. To perform an action against an index alias, the user must have privileges for that alias. Access to aliased indices does not automatically confer access to the alias.
Aliases can have a filter that specifies a subset of the documents in the physical index. These filters are not always applied and should not be used in place of document level security.
For example, if you have index called 2016
and an alias that points to it
called current_year
, to give a user permission to use the alias you could
assign the following role:
{ "current_year_read": { "cluster":[], "indices":[{ "names":["current_year"], "privileges":["read"]}], "run_as":[] } }
Granting read access to the 2016
index does not enable a user to use the
current_year
alias.
Managing Aliases
editPerforming CRUD operations on an index alias requires the manage
privilege on both
the targeted indices and the alias. Adding an alias when creating an index also
requires the create_index
privilege.
For example, the following role would enable a user to create an alias called
current_year
for the index named 2016
through the
dedicated aliases API:
{ "admin": { "cluster":[], "indices":[{ "names":["2016", "current_year"], "privileges":["manage"]}], "run_as":[] } }
On this page