mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-09 06:25:07 +00:00
018d946bba
This commit documents the backup and restore of a cluster's security configuration. It is not possible to only backup (or only restore) security configuration, independent to the rest of the cluster's conf, so this describes how a full configuration backup&restore will include security as well. Moreover, it explains how part of the security conf data resides on the special .security index and how to backup that using regular data snapshot API. Co-Authored-By: Lisa Cawley <lcawley@elastic.co> Co-Authored-By: Tim Vernum <tim@adjective.org>
16 lines
612 B
Plaintext
16 lines
612 B
Plaintext
[[restore-cluster-data]]
|
|
=== Restore a cluster's data
|
|
++++
|
|
<titleabbrev>Restore the data</titleabbrev>
|
|
++++
|
|
|
|
include::{es-repo-dir}/modules/snapshots.asciidoc[tag=restore-intro]
|
|
|
|
[TIP]
|
|
====
|
|
If your cluster has {es} {security-features} enabled, the restore API requires the `manage` cluster privilege. There is no bespoke role for the restore process. This privilege is very permissive and should only
|
|
be granted to users in the "administrator" category. Specifically, it allows
|
|
malicious users to exfiltrate data to a location of their choosing. Automated
|
|
tools should not run as users with this privilege.
|
|
====
|