Index security (permissions)


Hi there,
I need to create some users and give them permissions to certain indices. For example:

  • userA needs read & write access to indexA
  • userB needs read & write access to indexB
  • userA does not need any permission to indexB
  • userB does not need any permission to indexA

I would like it if you could give a brief explanation of whether this is possible and/or point me to some links for doing this via curl (API).

Thanks in advance


I managed to do some of this with these API calls:

Create user
PUT _opendistro/_security/api/internalusers/userA
{
"password": "userA",
"roles": ["indexA"]
}

Create role
PUT _opendistro/_security/api/roles/indexA
"cluster" : [ "CLUSTER_COMPOSITE_OPS","cluster:monitor/main","cluster:monitor/state","cluster:monitor/health","indices:monitor/stats" ],
"indices" : {
": {
": [
": {
": ["indices:monitor/stats"]

Create role mapping
PUT _opendistro/_security/api/rolesmapping/indexA
{
"backendroles" : [ "indexA" ],
"users" : [ "userA" ]
}

This works just fine; my user can't do anything other than what is specified in the role.

But some things are unclear to me, such as why I need to do the role mapping. Could someone help me understand the difference between a role, a role mapping, and a backend role?

I would also like a good document reference to learn about these concepts.