Index security (permissions)

Hi there,
I need to create some users and give them permissions to certain indices. For example:

  • userA needs read & write access to indexA
  • userB needs read & write access to indexB
  • userA does not need any permission on indexB
  • userB does not need any permission on indexA

I would like it if you could give a brief explanation of whether this is possible and/or point me to some links on how to do this via curl (API).

Thanks in advance

I managed to do some of this with these API calls:

Create user
PUT _opendistro/_security/api/internalusers/userA
{
  "password": "userA",
  "roles": ["indexA"]
}

Create role
PUT _opendistro/_security/api/roles/indexA
{
  "cluster": [ "CLUSTER_COMPOSITE_OPS", "cluster:monitor/main", "cluster:monitor/state", "cluster:monitor/health", "indices:monitor/stats" ],
  "indices": {
    "indexa*": {
      "*": [ "INDICES_ALL" ]
    },
    "*": {
      "*": [ "indices:monitor/stats" ]
    }
  }
}

Create role mapping
PUT _opendistro/_security/api/rolesmapping/indexA
{
  "backendroles": [ "indexA" ],
  "users": [ "userA" ]
}

This works just fine; my user can't do anything other than what is specified in the role.

But some things are unclear to me: why do I need to do the role mapping? Could someone help me understand the difference between a role, a role mapping, and a backend role?

I would also like a good document reference to learn about these concepts.

Backend roles are used when you have a backend configured for authentication (LDAP, SAML, OpenID, etc.).
When the user is authenticated, the IdP sends the backend role information.
Backend roles are mapped to roles in the security module to allow access to functions and resources of the ODFE stack.
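To make the chain user -> backend role -> role mapping -> role -> permission concrete, here is a small resolver that models it in Python. This is an added example, not part of the thread and not Open Distro's own code: it assumes the legacy (v6-style) document shapes used in the posts above, the action-group expansions are a constructed subset of ODFE's real built-ins, wildcard matching is approximated with fnmatch, and the mapping's "hosts" field and document-type patterns are not modelled. Removing the rolesmapping entry is enough to show why the mapping step is required.

```python
"""Toy resolver for Open Distro security's role resolution chain.

Added example, not Open Distro's own code. It reuses the user, role and
rolesmapping documents from the posts above (legacy v6-style format).
"""
from fnmatch import fnmatchcase

# Constructed config mirroring the post's API calls.
INTERNAL_USERS = {
    # "roles" on an internal user are *backend* roles, not security roles.
    "userA": {"password": "userA", "roles": ["indexA"]},
    "userB": {"password": "userB", "roles": ["indexB"]},
}


def _index_role(prefix):
    """Same shape as the role in the post, parameterised on the index prefix."""
    return {
        "cluster": ["CLUSTER_COMPOSITE_OPS", "cluster:monitor/main",
                    "cluster:monitor/state", "cluster:monitor/health",
                    "indices:monitor/stats"],
        "indices": {
            prefix + "*": {"*": ["INDICES_ALL"]},      # full access to own index
            "*": {"*": ["indices:monitor/stats"]},    # stats on every index
        },
    }


ROLES = {"indexA": _index_role("indexa"), "indexB": _index_role("indexb")}

# rolesmapping: which backend roles and/or users receive which security role.
ROLES_MAPPING = {
    "indexA": {"backendroles": ["indexA"], "users": ["userA"]},
    "indexB": {"backendroles": ["indexB"], "users": ["userB"]},
}

# Assumption: constructed subset of ODFE's built-in action groups; the real
# definitions contain more entries than listed here.
ACTION_GROUPS = {
    "INDICES_ALL": ["indices:*"],
    "CLUSTER_COMPOSITE_OPS": ["indices:data/write/bulk*",
                              "indices:admin/aliases*",
                              "indices:data/write/reindex"],
}


def security_roles_for(user, users=INTERNAL_USERS, mapping=ROLES_MAPPING):
    """Resolve the security roles a user holds via rolesmapping.

    A mapping entry applies when the user name is listed directly in "users"
    or when one of the user's backend roles appears in "backendroles".
    With no mapping entry, a backend role grants nothing by itself.
    """
    backend = set(users.get(user, {}).get("roles", []))
    return {
        role for role, m in mapping.items()
        if user in m.get("users", []) or backend & set(m.get("backendroles", []))
    }


def _expand(perms):
    """Replace action-group names with the action patterns they stand for."""
    out = []
    for p in perms:
        out.extend(ACTION_GROUPS.get(p, [p]))
    return out


def _matches(action, perms):
    return any(fnmatchcase(action, pattern) for pattern in _expand(perms))


def is_index_allowed(user, action, index, roles=ROLES, **kw):
    """True if any mapped role grants `action` on `index`.

    Document-type patterns (the inner "*") are not modelled: every type matches.
    """
    for role in security_roles_for(user, **kw):
        for index_pattern, by_type in roles[role]["indices"].items():
            if not fnmatchcase(index, index_pattern):
                continue
            if any(_matches(action, perms) for perms in by_type.values()):
                return True
    return False


def is_cluster_allowed(user, action, roles=ROLES, **kw):
    """True if any mapped role grants the cluster-level `action`."""
    return any(_matches(action, roles[r]["cluster"])
               for r in security_roles_for(user, **kw))


if __name__ == "__main__":
    for u, idx in (("userA", "indexa"), ("userA", "indexb"), ("userB", "indexa")):
        print(u, idx,
              "write:", is_index_allowed(u, "indices:data/write/index", idx),
              "stats:", is_index_allowed(u, "indices:monitor/stats", idx))
    # Without a rolesmapping entry the backend role "indexA" resolves to nothing.
    print("userA without mapping:", security_roles_for("userA", mapping={}))
```

Two things the model makes visible: the "*" index entry in each role is what lets userA run indices:monitor/stats against indexB while still being refused any write there, and the "users" list in the mapping means userA would keep the indexA role even if the internal user carried no backend role at all, so the mapping is the single place that ties identity (internal or IdP-supplied backend roles) to permissions.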