iSharkFly-Docs
/
opensearch-docs-cn
mirror of https://github.com/iSharkFly-Docs/opensearch-docs-cn
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated action groups tables as per customer request #20231026 (#6405) 

* Updated action groups tables as per customer request

Signed-off-by: eugene7421 <yevhenii.velychenko@eliatra.com>

* Update default-action-groups.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

---------

Signed-off-by: eugene7421 <yevhenii.velychenko@eliatra.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
This commit is contained in:
eugene7421 2024-02-19 19:16:28 +00:00 committed by GitHub
parent 93878a9e29
commit a89ccdf059
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 28 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
_security/access-control/default-action-groups.md
View File

@ -15,42 +15,40 @@ This page catalogs all default action groups. Often, the most coherent way to cr
## General
Name | Description
:--- | :---
unlimited | Grants complete access. Can be used on an cluster- or index-level. Equates to `"*"`.
{% comment %}kibana_all_read | asdf
kibana_all_write | asdf{% endcomment %}
| Action group | Description | Permissions |
| :--- | :--- | :--- |
| unlimited | Grants complete access to action groups. Can be used on an `cluster-` or `index-` level. Equates to "*". | `*` |
## Cluster-level
Name | Description
:---| :---
cluster_all | Grants all cluster permissions. Equates to `cluster:*`.
cluster_monitor | Grants all cluster monitoring permissions. Equates to `cluster:monitor/*`.
cluster_composite_ops_ro | Grants read-only permissions to execute requests like `mget`, `msearch`, or `mtv`, plus permissions to query for aliases.
cluster_composite_ops | Same as `CLUSTER_COMPOSITE_OPS_RO`, but also grants `bulk` permissions and all aliases permissions.
manage_snapshots | Grants permissions to manage snapshots and repositories.
cluster_manage_pipelines | Grants permissions to manage ingest pipelines.
cluster_manage_index_templates | Grants permissions to manage index templates.
| Action group | Description | Permissions |
| :--- | :--- | :--- |
| cluster_all | Grants all cluster permissions. Equates to `cluster:*`. | `cluster:*` |
| cluster_monitor | Grants all cluster monitoring permissions. Equates to `cluster:monitor/*`. | `cluster:monitor/*` |
| cluster_composite_ops_ro | Grants read-only permissions to execute requests like `mget`, `msearch`, or `mtv`, as well as permissions to query for aliases. | `indices:data/read/mget` `indices:data/read/msearch` `indices:data/read/mtv` `indices:admin/aliases/exists*` `indices:admin/aliases/get*` `indices:data/read/scroll` `indices:admin/resolve/index` |
| cluster_composite_ops | Same as `CLUSTER_COMPOSITE_OPS_RO`, but also grants bulk permissions and all aliases permissions. | `indices:data/write/bulk` `indices:admin/aliases*` `indices:data/write/reindex` `indices:data/read/mget` `indices:data/read/msearch` `indices:data/read/mtv` `indices:admin/aliases/exists*` `indices:admin/aliases/get*` `indices:data/read/scroll` `indices:admin/resolve/index` |
| manage_snapshots | Grants permissions to manage snapshots and repositories. | `cluster:admin/snapshot/*` `cluster:admin/repository/*` |
| cluster_manage_pipelines | Grants permissions to manage ingest pipelines. | `cluster:admin/ingest/pipeline/*` |
| cluster_manage_index_templates | Grants permissions to manage index templates. | `indices:admin/template/*` `indices:admin/index_template/*` `cluster:admin/component_template/*` |
## Index-level
Name | Description
:--- | :---
indices_all | Grants all permissions on the index. Equates to `indices:*`.
get | Grants permissions to use `get` and `mget` actions only.
read | Grants read permissions such as search, get field mappings, `get`, and `mget`.
write | Grants permissions to create and update documents within *existing indices*. To create new indexes, see `create_index`.
delete | Grants permissions to delete documents.
crud | Combines the `read`, `write`, and `delete` action groups. Included in the `data_access` action group.
search | Grants permissions to search documents. Includes `suggest`.
suggest | Grants permissions to use the suggest API. Included in the `read` action group.
create_index | Grants permissions to create indexes and mappings.
indices_monitor | Grants permissions to execute all index monitoring actions (e.g. recovery, segments info, index stats, and status).
index | A more limited version of the `write` action group.
data_access | Combines the `crud` action group with `indices:data/*`.
manage_aliases | Grants permissions to manage aliases.
manage | Grants all monitoring and administration permissions for indexes.
| Action group | Description | Permissions |
| :--- | :--- | :--- |
| indices_all | Grants all permissions on the index. Equates to `indices:*`. | `indices:*` |
| get | Grants permissions to use `get` and `mget` actions. | `indices:data/read/get*` `indices:data/read/mget*` |
| read | Grants read permissions on the index such as `search`, `get` field mappings, `get`, and `mget`. | `indices:data/read*` `indices:admin/mappings/fields/get*` `indices:admin/resolve/index` |
| write | Grants permissions to create and update documents within existing indexes. | `indices:data/write*` `indices:admin/mapping/put` |
| delete | Grants permissions to delete documents. | `indices:data/write/delete*` |
| crud | Combines the read, write, and delete action groups. Included in the `data_access` action group. | `indices:data/read*` `indices:admin/mappings/fields/get*` `indices:admin/resolve/index` `indices:data/write*` `indices:admin/mapping/put` |
| search | Grants permissions to search documents, including the Suggest API. | `indices:data/read/search*` `indices:data/read/msearch*` `indices:admin/resolve/index` `indices:data/read/suggest*` |
| suggest | Grants permissions to use the Suggest API. Included in the `read` action group. | `indices:data/read/suggest*` |
| create_index | Grants permissions to create indexes and mappings. | `indices:admin/create` `indices:admin/mapping/put` |
| indices_monitor | Grants permissions to run all index monitoring actions, such as `recovery`, `segments_info`, `index_stats`, and `status`). | `indices:monitor/*` |
| index | A more limited version of the write action group. | `indices:data/write/index*` `indices:data/write/update*` `indices:admin/mapping/put` `indices:data/write/bulk*` |
| data_access | Combines the CRUD action group with `indices:data/*`. | `indices:data/*` `indices:data/read*` `indices:admin/mappings/fields/get*` `indices:admin/resolve/index` `indices:data/write*` `indices:admin/mapping/put` |
| manage_aliases | Grants permissions to manage aliases. | `indices:admin/aliases*` |
| manage | Grants all monitoring and administration permissions for indexes. | `indices:monitor/*` `indices:admin/*` |