52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
admin:
|
|
cluster: all
|
|
indices:
|
|
'*':
|
|
privileges: all
|
|
run_as: '*'
|
|
|
|
# Search and write on both source and destination indices. It should work if you could just search on the source and
|
|
# write to the destination but that isn't how shield works.
|
|
minimal:
|
|
indices:
|
|
source:
|
|
privileges: search, write, create_index, indices:admin/refresh
|
|
dest:
|
|
privileges: search, write, create_index, indices:admin/refresh
|
|
|
|
# Read only operations on indices
|
|
readonly:
|
|
indices:
|
|
'*':
|
|
privileges: search
|
|
|
|
# Write operations on destination index, none on source index
|
|
dest_only:
|
|
indices:
|
|
dest:
|
|
privileges: write
|
|
|
|
# Search and write on both source and destination indices with document level security filtering out some docs.
|
|
can_not_see_hidden_docs:
|
|
indices:
|
|
source:
|
|
privileges: search, write, create_index, indices:admin/refresh
|
|
query:
|
|
bool:
|
|
must_not:
|
|
match:
|
|
hidden: true
|
|
dest:
|
|
privileges: search, write, create_index, indices:admin/refresh
|
|
|
|
# Search and write on both source and destination indices with field level security.
|
|
can_not_see_hidden_fields:
|
|
indices:
|
|
source:
|
|
privileges: search, write, create_index, indices:admin/refresh
|
|
fields:
|
|
- foo
|
|
- bar
|
|
dest:
|
|
privileges: search, write, create_index, indices:admin/refresh
|