mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-07 21:48:39 +00:00
a22539aca0
This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd409
78 lines
1.6 KiB
YAML
78 lines
1.6 KiB
YAML
admin:
|
|
cluster:
|
|
- all
|
|
indices:
|
|
- names: '*'
|
|
privileges: [ all ]
|
|
run_as:
|
|
- '*'
|
|
|
|
# Search and write on both source and destination indices. It should work if you could just search on the source and
|
|
# write to the destination but that isn't how shield works.
|
|
minimal:
|
|
indices:
|
|
- names: source
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
- names: dest
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
|
|
# Read only operations on indices
|
|
readonly:
|
|
indices:
|
|
- names: '*'
|
|
privileges: [ read ]
|
|
|
|
# Write operations on destination index, none on source index
|
|
dest_only:
|
|
indices:
|
|
- names: dest
|
|
privileges: [ write ]
|
|
|
|
# Search and write on both source and destination indices with document level security filtering out some docs.
|
|
can_not_see_hidden_docs:
|
|
indices:
|
|
- names: source
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
query:
|
|
bool:
|
|
must_not:
|
|
match:
|
|
hidden: true
|
|
- names: dest
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
|
|
# Search and write on both source and destination indices with field level security.
|
|
can_not_see_hidden_fields:
|
|
indices:
|
|
- names: source
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|
|
fields:
|
|
- foo
|
|
- bar
|
|
- names: dest
|
|
privileges:
|
|
- read
|
|
- write
|
|
- create_index
|
|
- indices:admin/refresh
|