I have several questions about the demo configuration:
In the demo configuration, there is a logstash user in internal_users.yml, a logstash role in roles.yml, and a mapping of the backend role logstash to the logstash role in roles_mappings.yml. Does OpenDistro for Elasticsearch Security come with Logstash, or are those configurations just created to work with Logstash once it gets installed? If we use some other way, such as the Graylog sidecar, to collect the X beats logs, do we not need those configurations?
In roles.yml, the role kibana_user has the following index permissions defined:

    kibana_user:
      ...
      indices:
        '*':
          '*':
            ...
            - indices:data/read/xpack/rollup*
            ...

and the role kibana_server has the following cluster permissions defined:

    kibana_server:
      ...
      cluster:
        ...
        - cluster:admin/xpack/monitoring*
        ...

What are those permissions used for?
For the roles kibana_user and kibana_server in roles.yml, there are INDEX_ALL permissions, in particular for the indices '?kibana', '?kibana-6', '?kibana_', and '?management-beats'. Do we need both '?kibana' and '?kibana-6' for the Kibana configuration index? And again, if we don't run Logstash for Beats, can we remove these index permissions from the two Kibana-related roles?
We noted that opendistro_security.roles_mapping_resolution defaults to MAPPING_ONLY, but in roles_mapping.yml there are role mappings like:

    all_access:
      readonly: true
      backendroles:
        - admin
    kibana_user:
      backendroles:
        - kibanauser
    manage_snapshots:
      readonly: true
      backendroles:
        - snapshotrestore

But the backend roles admin, kibanauser, and snapshotrestore have not been defined in roles.yml, and similar things happen in internal_users.yml. Are those mappings not used for the internal user database as the backend?
As we have noted, in the demo elasticsearch.yml configuration there is a configuration parameter:
But it seems there is another configuration parameter:
What are their differences?