From 844a97586e3c2559e9dc496504f18ec535c7bbeb Mon Sep 17 00:00:00 2001 From: Clinton Gormley Date: Tue, 23 May 2017 19:18:03 +0200 Subject: [PATCH] Updated docs for cross-cluster search (elastic/x-pack-elasticsearch#1478) * Updated docs for cross-cluster search Wildcards are now supported in both cluster alias and index name, and the "view_index_metadata" privilege is automatically conferred by the "read_cross_cluster" role. * For now, best to allow users permissions to query all indices on all remote clusters Original commit: elastic/x-pack-elasticsearch@31959f78f4d28c68b3e8b41b59a478d65975faac --- .../tribe-clients-integrations/cross-cluster.asciidoc | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc b/docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc index cb8281dd538..3ab9fa146bf 100644 --- a/docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc +++ b/docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc @@ -15,9 +15,6 @@ roles are passed to the remote clusters. A remote cluster checks the user's roles against its local role definitions to determine which indices the user is allowed to access. -NOTE: For the moment, cross cluster search with security enabled does not -support using wildcards for either cluster or index names. - To use cross cluster search with secured clusters: * Install {xpack} on every node in each connected cluster. @@ -83,8 +80,7 @@ PUT _cluster_settings Next, set up a role called `cluster_two_logs` on both cluster `one` and cluster `two`. -On cluster `one`, this role allows the user to query indices called `logs-` on -cluster `two`: +On cluster `one`, this role allows the user to query any indices on remote clusters: [source,js] ----------------------------------------------------------- @@ -93,7 +89,7 @@ POST /_xpack/security/role/cluster_two_logs "indices": [ { "names": [ - "two:logs-*" + "*:*" ], "privileges": [ "read" @@ -120,8 +116,7 @@ POST /_xpack/security/role/cluster_two_logs ], "privileges": [ "read", - "read_cross_cluster", - "view_index_metadata" + "read_cross_cluster" ] } ]