Cluster-permission indices:data/write/bulk needed for adding data?- implications?


I am currently setting up an opendistro-cluster and I am trying to control which server may send to which index via filebeat.

I configured filebeat to use an application specific index and set up a logproducer-role for each application.

The role has the following permissions:

    - "cluster:monitor/main"
        - "app-{{appname}}-*"
        - "our_logproducer"

The action group is defined as:

    type: "actiongroups"
    config_version: 2

    # Action Group for log producing servers
    - "indices:data/write/index*"
    - "indices:admin/mapping/put"
    - "indices:admin/create"
    - "indices:admin/exists"
    - "indices:admin/get"
    - "cluster:monitor/main"
    - "indices:data/write/bulk"

This does not seem to work. Log shipping is possible after I permit “indices:data/write/bulk” as a cluster permission.

This is the part I neither understand nor know what it implies.

So I have two questions:

  1. Does permitting “indices:data/write/bulk” on cluster level allow for writes on any index?
  2. Is there any documentation about the permissions and what exactly they control? I only found a list of built-in permissions on

Regards Michael


I faced the same issue. I configured a role using the HTTP API that allows the user to only index and search data. The search part worked fine but the indexing was not working.

It kept throwing the below error. The only way to fix this was to add the indices:data/write/bulk permission to the cluster_permissions. What does this permission mean?

[security_exception] no permissions for [indices:data/write/bulk] and User [name=arn:aws:iam::<account_id>:user/my_user, backend_roles=[], requestedTenant=null]

My request body payload for the PUT /_opendistro/_security/api/roles/search_and_index HTTP API

    "cluster_permissions": [
    "index_permissions": [
            "index_patterns": [
            "dls": "",
            "fls": [],
            "masked_fields": [],
            "allowed_actions": [
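
An added example (not code from either post or from the Open Distro project): a small Python check that expands action groups and flags roles granting `indices:data/write/bulk` only under index permissions, the layout both posts report as rejected. The role name `app1_logproducer` and the rendered pattern `app-app1-*` are constructed sample values; the key names follow the role payload shown above.

```python
import re

BULK = "indices:data/write/bulk"

def expand(actions, groups, seen=None):
    """Resolve action-group names (possibly nested) to permission patterns."""
    seen = set() if seen is None else seen
    out = set()
    for a in actions:
        if a in groups:
            if a not in seen:          # guard against cyclic group references
                seen.add(a)
                out |= expand(groups[a]["allowed_actions"], groups, seen)
        else:
            out.add(a)
    return out

def grants(patterns, action):
    """True if any pattern matches the action; '*' is the only wildcard."""
    for p in patterns:
        rx = ".*".join(re.escape(part) for part in p.split("*"))
        if re.fullmatch(rx, action):
            return True
    return False

def audit(roles, groups):
    """Return (role, index_patterns) pairs where bulk is granted on index level only."""
    findings = []
    for name, role in roles.items():
        if grants(expand(role.get("cluster_permissions", []), groups), BULK):
            continue
        for perm in role.get("index_permissions", []):
            if grants(expand(perm.get("allowed_actions", []), groups), BULK):
                findings.append((name, tuple(perm.get("index_patterns", []))))
    return findings

# Constructed sample mirroring the layout in the first post.
GROUPS = {"our_logproducer": {"allowed_actions": [
    "indices:data/write/index*", "indices:admin/mapping/put",
    "indices:admin/create", "indices:admin/exists", "indices:admin/get",
    "cluster:monitor/main", "indices:data/write/bulk"]}}
ROLES = {"app1_logproducer": {            # role name is a constructed placeholder
    "cluster_permissions": ["cluster:monitor/main"],
    "index_permissions": [{"index_patterns": ["app-app1-*"],
                           "allowed_actions": ["our_logproducer"]}]}}

if __name__ == "__main__":
    for role, patterns in audit(ROLES, GROUPS):
        print(f"{role}: {BULK} only under index_permissions {patterns}")
```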