iSharkFly-Docs
/
opensearch-docs-cn
mirror of https://github.com/iSharkFly-Docs/opensearch-docs-cn
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated index permissions as per customer request #20230726 (#6404) 

* I updated index permissions as per customer request

Signed-off-by: eugene7421 <yevhenii.velychenko@eliatra.com>

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* fixing datadog issues

Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>

* fix more links

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Update URL strcuture.

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* reviewdog issues ammeded

Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

---------

Signed-off-by: eugene7421 <yevhenii.velychenko@eliatra.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
This commit is contained in:
eugene7421 2024-03-05 20:01:07 +00:00 committed by GitHub
parent 1fbdd03a71
commit 544ff2431e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 78 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
_security/access-control/permissions.md
View File

@ -380,80 +380,84 @@ See [Index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/).
These permissions apply to an index or index pattern. You might want a user to have read access to all indexes (that is, `*`), but write access to only a few (for example, `web-logs` and `product-catalog`).
- indices:admin/aliases
- indices:admin/aliases/get
- indices:admin/analyze
- indices:admin/cache/clear
- indices:admin/close
- indices:admin/close*
- indices:admin/create (create indexes)
- indices:admin/data_stream/create
- indices:admin/data_stream/delete
- indices:admin/data_stream/get
- indices:admin/delete (delete indexes)
- indices:admin/exists
- indices:admin/flush
- indices:admin/flush*
- indices:admin/forcemerge
- indices:admin/get (retrieve index and mapping)
- indices:admin/mapping/put
- indices:admin/mappings/fields/get
- indices:admin/mappings/fields/get*
- indices:admin/mappings/get
- indices:admin/open
- indices:admin/plugins/replication/index/setup/validate
- indices:admin/plugins/replication/index/start
- indices:admin/plugins/replication/index/pause
- indices:admin/plugins/replication/index/resume
- indices:admin/plugins/replication/index/stop
- indices:admin/plugins/replication/index/update
- indices:admin/plugins/replication/index/status_check
- indices:admin/refresh
- indices:admin/refresh*
- indices:admin/resolve/index
- indices:admin/rollover
- indices:admin/seq_no/global_checkpoint_sync
- indices:admin/settings/update
- indices:admin/shards/search_shards
- indices:admin/template/delete
- indices:admin/template/get
- indices:admin/template/put
- indices:admin/upgrade
- indices:admin/validate/query
- indices:data/read/explain
- indices:data/read/field_caps
- indices:data/read/field_caps*
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/mget*
- indices:data/read/msearch
- indices:data/read/msearch/template
- indices:data/read/mtv (multi-term vectors)
- indices:data/read/mtv*
- indices:data/read/plugins/replication/file_chunk
- indices:data/read/plugins/replication/changes
- indices:data/read/scroll
- indices:data/read/scroll/clear
- indices:data/read/search
- indices:data/read/search*
- indices:data/read/search/template
- indices:data/read/tv (term vectors)
- indices:data/write/bulk
- indices:data/write/bulk*
- indices:data/write/delete (delete documents)
- indices:data/write/delete/byquery
- indices:data/write/plugins/replication/changes
- indices:data/write/index (add documents to existing indexes)
- indices:data/write/reindex
- indices:data/write/update
- indices:data/write/update/byquery
- indices:monitor/data_stream/stats
- indices:monitor/recovery
- indices:monitor/segments
- indices:monitor/settings/get
- indices:monitor/shard_stores
- indices:monitor/stats
- indices:monitor/upgrade
<!-- vale off -->
| Permission | Description |
| --- | --- |
| `indices:admin/aliases` | Permissions for [index aliases]({{site.url}}{{site.baseurl}}/im-plugin/index-alias/). |
| `indices:admin/aliases/get` | Permission to get [index aliases]({{site.url}}{{site.baseurl}}/im-plugin/index-alias/). |
| `indices:admin/analyze` | Permission to use the [Analyze API]({{site.url}}{{site.baseurl}}/api-reference/analyze-apis/). |
| `indices:admin/cache/clear` | Permission to [clear cache]({{site.url}}{{site.baseurl}}/api-reference/index-apis/clear-index-cache/). |
| `indices:admin/close` | Permission to [close an index]({{site.url}}{{site.baseurl}}/api-reference/index-apis/close-index/). |
| `indices:admin/close*` | Permission to [close an index]({{site.url}}{{site.baseurl}}/api-reference/index-apis/close-index/). |
| `indices:admin/create` | Permission to [create indexes]({{site.url}}{{site.baseurl}}/api-reference/index-apis/create-index/). |
| `indices:admin/data_stream/create` | Permission to create [data streams]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/datastream/#creating-a-data-stream). |
| `indices:admin/data_stream/delete` | Permission to [delete data streams]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/datastream/#deleting-a-data-stream). |
| `indices:admin/data_stream/get` | Permission to [get data streams]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/datastream/#viewing-a-data-stream). |
| `indices:admin/delete` | Permission to [delete indexes]({{site.url}}{{site.baseurl}}/api-reference/index-apis/delete-index/). |
| `indices:admin/exists` | Permission to use [exists query]({{site.url}}{{site.baseurl}}/query-dsl/term/exists/). |
| `indices:admin/flush` | Permission to [flush an index]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/index-management/#flushing-an-index). |
| `indices:admin/flush*` | Permission to [flush an index]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/index-management/#flushing-an-index). |
| `indices:admin/forcemerge` | Permission to force merge indexes and data streams. |
| `indices:admin/get` | Permission to get index and mapping. |
| `indices:admin/mapping/put` | Permission to add new mappings and fields to an index. |
| `indices:admin/mappings/fields/get` | Permission to get mappings fields. |
| `indices:admin/mappings/fields/get*` | Permission to get mappings fields. |
| `indices:admin/mappings/get` | Permission to [get mappings]({{site.url}}{{site.baseurl}}/security-analytics/api-tools/mappings-api/#get-mappings). |
| `indices:admin/open` | Permission to [open an index]({{site.url}}{{site.baseurl}}/api-reference/index-apis/open-index/). |
| `indices:admin/plugins/replication/index/setup/validate` | Permission to validate a connection to a [remote cluster]({{site.url}}{{site.baseurl}}/tuning-your-cluster/replication-plugin/getting-started/#set-up-a-cross-cluster-connection). |
| `indices:admin/plugins/replication/index/start` | Permission to [start cross-cluster replication]({{site.url}}{{site.baseurl}}/tuning-your-cluster/replication-plugin/getting-started/#start-replication). |
| `indices:admin/plugins/replication/index/pause` | Permission to pause cross-cluster replication. |
| `indices:admin/plugins/replication/index/resume` | Permission to resume cross-cluster replication. |
| `indices:admin/plugins/replication/index/stop` | Permission to stop cross-cluster replication. |
| `indices:admin/plugins/replication/index/update` | Permission to update cross-cluster replication settings. |
| `indices:admin/plugins/replication/index/status_check` | Permission to check the status of cross-cluster replication. |
| `indices:admin/refresh` | Permission to use the [index refresh API]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/index-management/#refreshing-an-index). |
| `indices:admin/refresh*` | Permission to use the index refresh API. |
| `indices:admin/resolve/index` | Permission to resolve index names, index aliases and data streams. |
| `indices:admin/rollover` | Permission to perform [index rollover]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/rollover/). |
| `indices:admin/seq_no/global_checkpoint_sync` | Permission to perform a global checkpoint sync. |
| `indices:admin/settings/update` | Permission to [update index settings]({{site.url}}{{site.baseurl}}/api-reference/index-apis/update-settings/). |
| `indices:admin/shards/search_shards` | Permission to perform [cross cluster search]({{site.url}}{{site.baseurl}}/security/access-control/cross-cluster-search/). |
| `indices:admin/template/delete` | Permission to [delete index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#delete-a-template). |
| `indices:admin/template/get` | Permission to [get index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#retrieve-a-template). |
| `indices:admin/template/put` | Permission to [create index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#create-a-template). |
| `indices:admin/upgrade` | Permission for administrators to perform upgrades. |
| `indices:admin/validate/query` | Permission to validate a specific query. |
| `indices:data/read/explain` | Permission to run the [Explain API]({{site.url}}{{site.baseurl}}/api-reference/explain/). |
| `indices:data/read/field_caps` | Permission to run the [Field Capabilities API]({{site.url}}{{site.baseurl}}/field-types/supported-field-types/alias/#using-aliases-in-field-capabilities-api-operations). |
| `indices:data/read/field_caps*` | Permission to run the Field Capabilities API. |
| `indices:data/read/get` | Permission to read index data. |
| `indices:data/read/mget` | Permission to run [multiple GET operations]({{site.url}}{{site.baseurl}}/api-reference/document-apis/multi-get/) in one request. |
| `indices:data/read/mget*` | Permission to run multiple GET operations in one request. |
| `indices:data/read/msearch` | Permission to run [multiple search]({{site.url}}{{site.baseurl}}/api-reference/multi-search/) requests into a single request. |
| `indices:data/read/msearch/template` | Permission to bundle [multiple search templates]({{site.url}}{{site.baseurl}}/api-reference/search-template/#multiple-search-templates) and send them to your OpenSearch cluster in a single request. |
| `indices:data/read/mtv` | Permission to retrieve multiple term vectors with a single request. |
| `indices:data/read/mtv*` | Permission to retrieve multiple term vectors with a single request. |
| `indices:data/read/plugins/replication/file_chunk` | Permission to check files during segment replication. |
| `indices:data/read/plugins/replication/changes` | Permission to make changes to segment replication settings. |
| `indices:data/read/scroll` | Permission to scroll data. |
| `indices:data/read/scroll/clear` | Permission to clear read scroll data. |
| `indices:data/read/search` | Permission to [search]({{site.url}}{{site.baseurl}}/api-reference/search/) data.|
| `indices:data/read/search*` | Permission to search data. |
| `indices:data/read/search/template` | Permission to read a search template. |
| `indices:data/read/tv` | Permission to retrieve information and statistics for terms in the fields of a particular document. |
| `indices:data/write/bulk` | Permission to run a [bulk]({{site.url}}{{site.baseurl}}/api-reference/document-apis/bulk/) request. |
| `indices:data/write/bulk*` | Permission to run a bulk request. |
| `indices:data/write/delete` | Permission to [delete documents]({{site.url}}{{site.baseurl}}/api-reference/document-apis/delete-document/). |
| `indices:data/write/delete/byquery` | Permission to delete all documents that [match a query]({{site.url}}{{site.baseurl}}/api-reference/document-apis/delete-by-query/). |
| `indices:data/write/plugins/replication/changes` | |
| `indices:data/write/index` | Permission to add documents to existing indexes. See also [Index document]( {{site.url}}{{site.baseurl}}/api-reference/document-apis/index-document/ ) |
| `indices:data/write/reindex` | Permission to run a [reindex]({{site.url}}{{site.baseurl}}/im-plugin/reindex-data/). |
| `indices:data/write/update` | Permission to update an index. |
| `indices:data/write/update/byquery` | Permission to run the script to update all of the documents that [match the query]({{site.url}}{{site.baseurl}}/api-reference/document-apis/update-by-query/). |
| `indices:monitor/data_stream/stats` | Permission to stream stats. |
| `indices:monitor/recovery` | Permission to access recovery stats. |
| `indices:monitor/segments` | Permission to access segment stats. |
| `indices:monitor/settings/get` | Permission to get mointor settings. |
| `indices:monitor/shard_stores` | Permission to access shard store stats. |
| `indices:monitor/stats` | Permission to access monitoring stats. |
| `indices:monitor/upgrade` | Permission to access upgrade stats. |
<!-- vale on -->
## Security REST permissions