- X-Pack Reference for 6.0-6.2 and 5.x:
- Introduction
- Setting Up X-Pack
- Breaking Changes
- X-Pack APIs
- Graphing Connections in Your Data
- Profiling your Queries and Aggregations
- Reporting from Kibana
- Securing the Elastic Stack
- Getting Started with Security
- How Security Works
- Setting Up User Authentication
- Configuring SAML Single-Sign-On on the Elastic Stack
- Configuring Role-based Access Control
- Auditing Security Events
- Encrypting Communications
- Restricting Connections with IP Filtering
- Cross Cluster Search, Tribe, Clients and Integrations
- Reference
- Monitoring the Elastic Stack
- Alerting on Cluster and Index Events
- Machine Learning in the Elastic Stack
- Troubleshooting
- Getting Help
- X-Pack security
- Can’t log in after upgrading to 6.2.4
- Some settings are not returned via the nodes settings API
- Authorization exceptions
- Users command fails due to extra arguments
- Users are frequently locked out of Active Directory
- Certificate verification fails for curl on Mac
- SSLHandshakeException causes connections to fail
- Common SSL/TLS exceptions
- Internal Server Error in Kibana
- Setup-passwords command fails due to connection failure
- X-Pack Watcher
- X-Pack monitoring
- X-Pack machine learning
- Limitations
- License Management
- Release Notes
WARNING: Version 6.2 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Security Privileges
editSecurity Privileges
editThis section lists the privileges that you can assign to a role.
Cluster Privileges
edit
|
All cluster administration operations, like snapshotting, node shutdown/restart, settings update, rerouting, or managing users and roles. |
|
All cluster read-only operations, like cluster health and state, hot threads, node info, node and cluster stats, and pending cluster tasks. |
|
All read only machine learning operations, such as getting information about datafeeds, jobs, model snapshots, or results. |
|
All read only watcher operations, such as getting a watch and watcher stats. |
|
Builds on |
|
All operations on index templates. |
|
All machine learning operations, such as creating and deleting datafeeds, jobs, and model snapshots. Datafeeds that were created prior to version 6.2 or created when X-Pack security was disabled run as a system user with elevated privileges, including permission to read all indices. Newer datafeeds run with the security roles of the user who created or updated them. |
|
All operations on ingest pipelines. |
|
All security related operations such as CRUD operations on users and roles and cache clearing. |
|
All watcher operations, such as putting watches, executing, activate or acknowledging. Watches that were created prior to version 6.1 or created when X-Pack security was disabled run as a system user with elevated privileges, including permission to read and write all indices. Newer watches run with the security roles of the user who created or updated them. |
|
All privileges necessary for a transport client to connect. Required by the remote cluster to enable Cross Cluster Search. |
Indices Privileges
edit
|
Any action on an index |
|
All actions that are required for monitoring (recovery, segments info, index stats and status). |
|
All |
|
Read-only access to index metadata (aliases, aliases exists, get index, exists, field mappings, mappings, search shards, type exists, validate, warmers, settings). This privilege is primarily available for use by Kibana users. |
|
Read only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi percolate/search/termvector, percolate, scroll, clear_scroll, search, suggest, tv). |
|
Read only access to the search action from a remote cluster. |
|
Privilege to index and update documents. Also grants access to the update mapping action. |
|
Privilege to index documents. Also grants access to the update mapping action. This privilege does not restrict the index operation to the creation of documents but instead restricts API use to the index API. The index API allows a user to overwrite a previously indexed document. |
|
Privilege to delete documents. |
|
Privilege to perform all write operations to documents, which includes the permission to index, update, and delete documents as well as performing bulk operations. Also grants access to the update mapping action. |
|
Privilege to delete an index. |
|
Privilege to create an index. A create index request may contain aliases to be
added to the index once created. In that case the request requires the |
Run As Privilege
editThe run_as
permission enables an authenticated user to submit requests on
behalf of another user. The value can be a user name or a comma-separated list
of user names. (You can also specify users as an array of strings or a YAML
sequence.) For more information, see
Submitting Requests on Behalf of Other Users.
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now