Elastic X-Pack Security
Since Elasticsearch 6.5, action names need to follow a naming convention in order to facilitate the definition of action groups in security plugins such as X-Pack Security. As a consequence, customized roles need to be updated to use new action names. See below for recommended role configuration.
https://www.elastic.co/guide/en/x-pack/current/elasticsearch-security.html
federate system.
{ "federate_system": { "cluster": [ "cluster:internal/federate/*", "cluster:admin/federate/*", "cluster:monitor/*" ], "indices": [ { "names": [ "/\\.siren.*/" ], "privileges": [ "all" ] }, { "names": [ "*" ], "privileges": [ "indices:monitor/*", "indices:admin/*", "indices:data/read*", "indices:data/write*" ] } ] } }
Admin role.
{ "federate_admin": { "cluster": [ "cluster:internal/federate/*", "cluster:admin/federate/*", "cluster:monitor/*", "cluster:admin/xpack/security/*" ], "indices": [ { "names": [ "*" ], "privileges": [ "indices:monitor/*", "indices:admin/*", "indices:data/read*" ] } ] } }
Search role.
{ "federate_user": { "cluster": [ "cluster:internal/federate/*" ], "indices": [ { "names": [ "logstash-*" ], "privileges": [ "indices:data/read*", "indices:admin/aliases/get", "indices:admin/aliases/exists", "indices:admin/get", "indices:admin/exists", "indices:admin/mappings/fields/get*", "indices:admin/mappings/get*", "indices:admin/mappings/federate/connector/get*", "indices:admin/mappings/federate/connector/fields/get*", "indices:admin/types/exists", "indices:admin/validate/query", "indices:monitor/settings/get", "indices:admin/template/get" ] } ] } }