admin: cluster: - all indices: - names: '*' privileges: [ all ] run_as: - '*' # Search and write on both source and destination indices. It should work if you could just search on the source and # write to the destination but that isn't how security works. minimal: indices: - names: source privileges: - read - write - create_index - indices:admin/refresh - names: dest privileges: - read - write - create_index - indices:admin/refresh # Read only operations on indices readonly: indices: - names: '*' privileges: [ read ] # Write operations on destination index, none on source index dest_only: indices: - names: dest privileges: [ write ] # Search and write on both source and destination indices with document level security filtering out some docs. can_not_see_hidden_docs: indices: - names: source privileges: - read - write - create_index - indices:admin/refresh query: bool: must_not: match: hidden: true - names: dest privileges: - read - write - create_index - indices:admin/refresh # Search and write on both source and destination indices with field level security. can_not_see_hidden_fields: indices: - names: source privileges: - read - write - create_index - indices:admin/refresh fields: - foo - bar - names: dest privileges: - read - write - create_index - indices:admin/refresh