Configuring Role-Based Access Control
Given the action groups defined above, we can define two types of roles:

- the federate_admin role, which can administer Federate. For example, this role can manage the license, virtual indices, ingestion jobs, etc.
- the federate_user role, with read-only permissions, which can execute Federate's search requests against one or more indices (virtual or not).
sg_roles.yml:

```yaml
federate_admin:
  cluster:
    - CLUSTER_MANAGE              # (1)
    - CLUSTER_MONITOR             # (2)
  indices:
    'logstash-*':
      '*':
        - MANAGE
        - READ
        - VIEW_INDEX_METADATA     # (3)
federate_user:
  cluster:
    - CLUSTER_INTERNAL_FEDERATE   # (4)
  indices:
    companies:
      '*':
        - READ
        - VIEW_INDEX_METADATA     # (5)
```

1. Grants Federate cluster administration permissions.
2. Grants Federate cluster monitoring permissions.
3. and 5. Grants permission to read index metadata. This is required because Federate's query engine reads the index schema metadata through indices:admin/mappings/fields/get during query evaluation, so every index a role is allowed to search also needs VIEW_INDEX_METADATA; a role with READ alone will fail at query time.
4. Grants cluster-level permission for Federate's internal actions. This is required for every Federate user.