Potential risks with giving indices:data/read/scroll* permission to all

[Nikhil Utane]

Hi,

* Search Guard version: 6:6.3.1-22.3 

* Elasticsearch version: 6.3.1

I have currently given default readall/readall access to all users of kibana as I don't want them to make any changes to the visualizations.

Unfortunately, this user does not have the required permission to generate reports.

I read here that I need to "add "indices:data/read/scroll*" to cluster level permissions:"

sg_roles.yml: 

# Read all, but no write permissions

sg_readall:

  readonly: true

  cluster:

    - CLUSTER_COMPOSITE_OPS_RO

    - "indices:data/read/scroll*"

  indices:

    '*':

      '*':

        - READ

        - indices:data/read/scroll/clear

Wanted to understand what all the users will be able to do with above permissions?

As I understand from this, this should not give 'write' access so users will not be able to tamper with the data. But just want to be sure about that.

-Thanks

Nikhil

[SG]

Your "sg_readall" role does not give write access, so no risk that anyone who has solely this role can tamper with data.

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/8c1040b7-b6f6-4542-90b9-e513872c1832%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Nikhil Utane]

Thank you for quick response.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/35D341B1-553F-4A7C-AAD5-AE61A06AB9F5%40search-guard.com.