You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Aug 16, 2022. It is now read-only.
Copy file name to clipboardExpand all lines: docs/security-access-control/default-action-groups.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,24 +23,24 @@ Name | Description
23
23
:---| :---
24
24
CLUSTER_ALL | Grants all cluster permissions. Equates to `cluster:*`.
25
25
CLUSTER_MONITOR | Grants all cluster monitoring permissions. Equates to `cluster:monitor/*`.
26
-
CLUSTER\_COMPOSITE\_OPS\_RO | Grants read-only permissions to execute requests like `mget`, `msearch`, or `mtv`, plus permissions to query for aliases.
27
-
CLUSTER\_COMPOSITE\_OPS | Same as `CLUSTER_COMPOSITE_OPS_RO`, but also grants `bulk` permissions and all aliases permissions.
26
+
CLUSTER_COMPOSITE_OPS_RO | Grants read-only permissions to execute requests like `mget`, `msearch`, or `mtv`, plus permissions to query for aliases.
27
+
CLUSTER_COMPOSITE_OPS | Same as `CLUSTER_COMPOSITE_OPS_RO`, but also grants `bulk` permissions and all aliases permissions.
28
28
MANAGE_SNAPSHOTS | Grants permissions to manage snapshots and repositories.
29
29
30
30
31
31
## Index-level
32
32
33
33
Name | Description
34
34
:--- | :---
35
-
INDICES\_ALL | Grants all permissions on the index. Equates to `indices:*`.
35
+
INDICES_ALL | Grants all permissions on the index. Equates to `indices:*`.
36
36
GET | Grants permissions to use `get` and `mget` actions only.
37
37
READ | Grants read permissions such as search, get field mappings, `get`, and `mget`.
38
38
WRITE | Grants write permissions to documents.
39
39
DELETE | Grants permissions to delete documents.
40
40
CRUD | Combines the READ, WRITE and DELETE action groups.
41
41
SEARCH | Grants permissions to search documents. Includes SUGGEST.
42
42
SUGGEST | Grants permissions to use the suggest API. Included in the READ action group.
43
-
CREATE\_INDEX | Grants permissions to create indices and mappings.
44
-
INDICES\_MONITOR | Grants permissions to execute all index monitoring actions (e.g. recovery, segments info, index stats, and status).
45
-
MANAGE\_ALIASES | Grants permissions to manage aliases.
43
+
CREATE_INDEX | Grants permissions to create indices and mappings.
44
+
INDICES_MONITOR | Grants permissions to execute all index monitoring actions (e.g. recovery, segments info, index stats, and status).
45
+
MANAGE_ALIASES | Grants permissions to manage aliases.
46
46
MANAGE | Grants all monitoring and administration permissions for indices.
Expand all lines: docs/security-configuration/concepts.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,18 +9,18 @@ nav_order: 1
9
9
10
10
Understanding the authentication flow is the best way to get started with configuring the Security plugin for Open Distro for Elasticsearch.
11
11
12
-
1.In order to identify the user who wants to access the cluster, the Security plugin needs the user's credentials.
12
+
1.To identify a user who wants to access the cluster, the Security plugin needs the user's credentials.
13
13
14
-
These credentials differ depending on how you've configured the plugin. For example, if you use basic authentication, these credentials are a username and password. If you use a JSON web token, these credentials are stored within the token itself. If you use TLS certificates, the credentials are the distinguished name (DN) of the certificate.
14
+
These credentials differ depending on how you've configured the plugin. For example, if you use basic authentication, the credentials are a user name and password. If you use a JSON web token, the credentials are stored within the token itself. If you use TLS certificates, the credentials are the distinguished name (DN) of the certificate.
15
15
16
16
2. The Security plugin authenticates the user's credentials against a backend: the internal user database, Lightweight Directory Access Protocol (LDAP), Active Directory, Kerberos, or JSON web tokens.
17
17
18
-
The plugin supports chaining backends. If more than one backend is configured, the plugin tries to authenticate the user against all backends until one succeeds. A common use case is to combine the Security plugin's internal user database with LDAP/Active Directory.
18
+
The plugin supports chaining backends. If more than one backend is configured, the plugin tries to authenticate the user against all backends until one succeeds. A common use case is to combine the internal user database of the Security plugin with LDAP/Active Directory.
19
19
20
20
3. (Optional) After an authenticator verifies the user's credentials, the plugin collects any backend roles. In most cases, this backend is LDAP/Active Directory.
21
21
22
-
4.Now that the user has authenticated and any backend roles have been retrieved, the Security plugin uses the role mapping to map security roles to the user (or to the user's backend roles).
22
+
4.After the user is authenticated and any backend roles are retrieved, the Security plugin uses role mapping to map security roles to the user (or to the user's backend roles).
23
23
24
-
If the role mapping doesn't include the user (or the user's backend roles), the user successfully authenticates, but has no permissions.
24
+
If the role mapping doesn't include the user (or the user's backend roles), the user is successfully authenticated but has no permissions.
25
25
26
26
5. The user can now perform actions as defined by the mapped security roles. For example, a user might map to the `kibana_user` role and thus have permissions to access Kibana.
0 commit comments