honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-03-29 11:28:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Adds tip for elastic built-in user (#51891)

Browse Source
This commit is contained in:
Lisa Cawley 2020-02-05 18:54:53 -08:00 committed by lcawl
parent 12473c2bcb
commit 53bd88ea8c
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
x-pack/docs/en/security/authentication/built-in-users.asciidoc
View File

@ -7,15 +7,19 @@ up and running. These users have a fixed set of privileges and cannot be
authenticated until their passwords have been set. The `elastic` user can be authenticated until their passwords have been set. The `elastic` user can be
used to <<set-built-in-user-passwords,set all of the built-in user passwords>>. used to <<set-built-in-user-passwords,set all of the built-in user passwords>>.
`elastic`:: A built-in _superuser_. See <<built-in-roles>>. `elastic`:: A built-in <<built-in-roles,superuser>>.
`kibana`:: The user Kibana uses to connect and communicate with Elasticsearch. `kibana`:: The user Kibana uses to connect and communicate with {es}.
`logstash_system`:: The user Logstash uses when storing monitoring information in Elasticsearch. `logstash_system`:: The user Logstash uses when storing monitoring information in {es}.
`beats_system`:: The user the Beats use when storing monitoring information in Elasticsearch. `beats_system`:: The user the Beats use when storing monitoring information in {es}.
`apm_system`:: The user the APM server uses when storing monitoring information in {es}. `apm_system`:: The user the APM server uses when storing monitoring information in {es}.
`remote_monitoring_user`:: The user {metricbeat} uses when collecting and `remote_monitoring_user`:: The user {metricbeat} uses when collecting and
storing monitoring information in {es}. It has the `remote_monitoring_agent` and storing monitoring information in {es}. It has the `remote_monitoring_agent` and
`remote_monitoring_collector` built-in roles. `remote_monitoring_collector` built-in roles.
TIP: The built-in users serve specific purposes and are not intended for general
use. In particular, do not use the `elastic` superuser unless full access to
the cluster is required. Instead, create users that have the minimum necessary
roles or privileges for their activities.
[float] [float]
[[built-in-user-explanation]] [[built-in-user-explanation]]
@ -130,9 +134,9 @@ the `logstash.yml` configuration file:
xpack.monitoring.elasticsearch.password: logstashpassword xpack.monitoring.elasticsearch.password: logstashpassword
---------------------------------------------------------- ----------------------------------------------------------
If you have upgraded from an older version of Elasticsearch, If you have upgraded from an older version of {es}, the `logstash_system` user
the `logstash_system` user may have defaulted to _disabled_ for security reasons. may have defaulted to _disabled_ for security reasons. Once the password has
Once the password has been changed, you can enable the user via the following API call: been changed, you can enable the user via the following API call:
[source,console] [source,console]
--------------------------------------------------------------------- ---------------------------------------------------------------------