mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-17 18:35:25 +00:00
c024dbfc49
This commit removes as much of the use of shield as possible in the source code. See elastic/elasticsearch#2383 Original commit: elastic/x-pack-elasticsearch@00009cc06e
78 lines
1.6 KiB
YAML
78 lines
1.6 KiB
YAML
admin:
|
|
cluster:
|
|
- all
|
|
indices:
|
|
- names: '*'
|
|
privileges: [ all ]
|
|
run_as:
|
|
- '*'
|
|
|
|
# Search and write on both source and destination indices. It should work if you could just search on the source and
|
|
# write to the destination but that isn't how security works.
|
|
minimal:
|
|
indices:
|
|
- names: source
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
- names: dest
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
|
|
# Read only operations on indices
|
|
readonly:
|
|
indices:
|
|
- names: '*'
|
|
privileges: [ read ]
|
|
|
|
# Write operations on destination index, none on source index
|
|
dest_only:
|
|
indices:
|
|
- names: dest
|
|
privileges: [ write ]
|
|
|
|
# Search and write on both source and destination indices with document level security filtering out some docs.
|
|
can_not_see_hidden_docs:
|
|
indices:
|
|
- names: source
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
query:
|
|
bool:
|
|
must_not:
|
|
match:
|
|
hidden: true
|
|
- names: dest
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
|
|
# Search and write on both source and destination indices with field level security.
|
|
can_not_see_hidden_fields:
|
|
indices:
|
|
- names: source
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
fields:
|
|
- foo
|
|
- bar
|
|
- names: dest
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|