Index security (permissions)

#1

Hi there,
I need to create some users and give them permissions to certain indices. For example:

  • userA needs read & write access to indexA
  • userB needs read & write access to indexB
  • userA does not need any permission to indexB
  • userB does not need any permission to indexA

I would like it if you could give a brief explanation of whether this is possible and/or point me to some links for doing this via curl (API).

Thanks in advance

#2

I managed to do some of this with these API calls:

Create user
PUT _opendistro/_security/api/internalusers/userA
{
  "password": "userA",
  "roles": ["indexA"]
}

Create role
PUT _opendistro/_security/api/roles/indexA
{
  "cluster": [
    "CLUSTER_COMPOSITE_OPS",
    "cluster:monitor/main",
    "cluster:monitor/state",
    "cluster:monitor/health",
    "indices:monitor/stats"
  ],
  "indices": {
    "indexa*": {
      "*": ["INDICES_ALL"]
    },
    "*": {
      "*": ["indices:monitor/stats"]
    }
  }
}

Create role mapping
PUT _opendistro/_security/api/rolesmapping/indexA
{
  "backendroles": ["indexA"],
  "users": ["userA"]
}

This works just fine; my user can't do anything other than what is specified in the role.

But some things are unclear to me: why do I need to do the role mapping? If someone could help me understand the difference between a role, a role mapping, and a backend role.

I would also like a good document reference to learn about these concepts.
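
Added example (not part of the original posts, and not Open Distro code): an offline check of what a role body in the format posted above grants on an index it is not meant to cover, applied to the userA/indexA and userB/indexB requirement from the first post. The helper names, the `indexB` role, the `indexa*` and `*` index patterns, and the use of Python's `fnmatchcase` to approximate the plugin's `*`/`?` wildcard matching are assumptions.

```python
from fnmatch import fnmatchcase

def role_for(index_pattern):
    """Role body shaped like the one posted above (pattern -> doc type -> perms)."""
    return {
        "cluster": ["CLUSTER_COMPOSITE_OPS", "cluster:monitor/main",
                    "cluster:monitor/state", "cluster:monitor/health",
                    "indices:monitor/stats"],
        "indices": {
            index_pattern: {"*": ["INDICES_ALL"]},
            "*": {"*": ["indices:monitor/stats"]},  # assumed catch-all entry
        },
    }

def granted_on(role, index_name):
    """Permissions the role body grants on one concrete index name."""
    perms = set()
    for pattern, doc_types in role.get("indices", {}).items():
        # Assumption: fnmatchcase approximates the plugin's * and ? wildcards.
        if fnmatchcase(index_name, pattern):
            for type_perms in doc_types.values():
                perms.update(type_perms)
    return perms

def isolation_report(roles, owned):
    """Map (role, foreign index) -> permissions granted outside the role's own index.

    roles: {role_name: role_body}; owned: {role_name: concrete index name}.
    """
    report = {}
    for name, body in roles.items():
        for owner, index in owned.items():
            if owner != name:
                leaked = granted_on(body, index)
                if leaked:
                    report[(name, index)] = sorted(leaked)
    return report

if __name__ == "__main__":
    owned = {"indexA": "indexa", "indexB": "indexb"}  # constructed sample
    roles = {"indexA": role_for("indexa*"), "indexB": role_for("indexb*")}
    for (role, index), perms in isolation_report(roles, owned).items():
        print(f"role {role} on {index}: {perms}")
    # A broader pattern such as "index*" would cover both indices.
    print(sorted(granted_on(role_for("index*"), "indexb")))
```

With the catch-all entry present, each role still lists `indices:monitor/stats` on the other user's index; removing that entry from the role body makes the report empty.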