2021-05-05 13:09:47 -04:00
---
layout: default
title: Default Action Groups
parent: Access Control
grand_parent: Security
nav_order: 51
---
# Default action groups
This page catalogs all default action groups. Often, the most coherent way to create new action groups is to use a combination of these default groups and [individual permissions ](../permissions ).
## General
Name | Description
:--- | :---
unlimited | Grants complete access. Can be used on an cluster- or index-level. Equates to `"*"` .
2021-05-06 13:12:07 -04:00
{% comment %}kibana_all_read | asdf
kibana_all_write | asdf{% endcomment %}
2021-05-05 13:09:47 -04:00
## Cluster-level
Name | Description
:---| :---
cluster_all | Grants all cluster permissions. Equates to `cluster:*` .
cluster_monitor | Grants all cluster monitoring permissions. Equates to `cluster:monitor/*` .
cluster_composite_ops_ro | Grants read-only permissions to execute requests like `mget` , `msearch` , or `mtv` , plus permissions to query for aliases.
cluster_composite_ops | Same as `CLUSTER_COMPOSITE_OPS_RO` , but also grants `bulk` permissions and all aliases permissions.
manage_snapshots | Grants permissions to manage snapshots and repositories.
2021-05-06 13:12:07 -04:00
cluster_manage_pipelines | Grants permissions to manage ingest pipelines.
cluster_manage_index_templates | Grants permissions to manage index templates.
2021-05-05 13:09:47 -04:00
## Index-level
Name | Description
:--- | :---
indices_all | Grants all permissions on the index. Equates to `indices:*` .
get | Grants permissions to use `get` and `mget` actions only.
read | Grants read permissions such as search, get field mappings, `get` , and `mget` .
2021-05-06 13:12:07 -04:00
write | Grants permissions to create and update documents within *existing indices* . To create new indices, see `create_index` .
2021-05-05 13:09:47 -04:00
delete | Grants permissions to delete documents.
2021-05-06 13:12:07 -04:00
crud | Combines the `read` , `write` , and `delete` action groups. Included in the `data_access` action group.
search | Grants permissions to search documents. Includes `suggest` .
suggest | Grants permissions to use the suggest API. Included in the `read` action group.
2021-05-05 13:09:47 -04:00
create_index | Grants permissions to create indices and mappings.
indices_monitor | Grants permissions to execute all index monitoring actions (e.g. recovery, segments info, index stats, and status).
2021-05-06 13:12:07 -04:00
index | A more limited version of the `write` action group.
data_access | Combines the `crud` action group with `indices:data/*` .
2021-05-05 13:09:47 -04:00
manage_aliases | Grants permissions to manage aliases.
manage | Grants all monitoring and administration permissions for indices.