Shield Reference for 2.x and 1.x
Shield Privileges
This section lists the privileges that you can assign to a role.
Cluster Privileges
|
All cluster operations, like snapshotting, node shutdown/restart, settings update, rerouting, or managing security |
|
All cluster read-only operations, like cluster health & state, hot threads, node info, node & cluster stats, snapshot/restore status, pending cluster tasks |
|
Builds on |
|
All security related operations such as CRUD operations on users and roles and cache clearing |
|
All operations on index templates |
|
All privileges necessary for a transport client to connect |
Indices Privileges
|
Any action on an index |
|
All |
|
All actions that are required for monitoring and read-only (recovery, segments info, index stats & status) |
|
Grants read-only access to information about an index (aliases, aliases exists, get index, exists, field mappings, mappings, search shards, type exists, validate, warmers, settings) |
|
Read-only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi percolate/search/termvector, percolate, scroll, clear_scroll, search, suggest, tv) |
|
Privilege to index and update documents |
|
Privilege to index documents |
|
Privilege to delete documents |
|
Privilege to perform all write operations on documents, including the ability to index, update, and delete documents as well as perform bulk operations. If |
|
Privilege to delete an index |
|
Privilege to create an index. A create index request may contain aliases to be added to the index once
created. In that case the request requires the |
Run As Privilege
The run_as privilege enables an authenticated user to submit requests on behalf of another user. The value can be a user name or a comma-separated list of user names. (You can also specify users as an array of strings or a YAML sequence.) For more information, see Submitting Requests on Behalf of Other Users.
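Because run_as can be written in several forms, reviewing which roles may impersonate which users is easier once the value is normalized. The following is an added example, not part of the Shield documentation: it assumes the role definitions have already been parsed into dictionaries, and the role names, user names and the SENSITIVE_USERS set are constructed for illustration.

```python
# Added example: audit run_as grants across role definitions.
# ROLES is constructed sample data standing in for parsed role definitions;
# role names, user names and SENSITIVE_USERS are hypothetical.


def normalize_run_as(value):
    """Return a run_as value as a sorted list of distinct user names.

    Accepts the forms the documentation allows: a single user name, a
    comma-separated string, or a list (array of strings / YAML sequence).
    """
    if value is None:
        return []
    parts = [value] if isinstance(value, str) else list(value)
    names = {name.strip() for part in parts for name in str(part).split(",")}
    names.discard("")  # tolerate trailing commas and empty entries
    return sorted(names)


def audit_run_as(roles, sensitive_users):
    """Map each role to the sensitive users it is allowed to run as."""
    findings = {}
    for role_name, definition in roles.items():
        targets = normalize_run_as(definition.get("run_as"))
        hits = [user for user in targets if user in sensitive_users]
        if hits:
            findings[role_name] = hits
    return findings


# Constructed input covering each accepted form of the run_as value.
ROLES = {
    "reporting_app": {"run_as": "alice"},
    "portal_backend": {"run_as": "alice, bob ,superadmin"},
    "batch_jobs": {"run_as": ["carol", "superadmin"]},
    "read_only": {},
}
SENSITIVE_USERS = {"superadmin"}

if __name__ == "__main__":
    for role, users in sorted(audit_run_as(ROLES, SENSITIVE_USERS).items()):
        print(f"{role}: may run as {', '.join(users)}")
```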