REST API for index restrictions

[Wyllys Ingersoll]

Search Guard 6.5.3

Elasticsearch 6.5.3

JVM 1.8

Ubuntu Linux 18.04.1

Are there REST APIs for assigning access controls to individual elasticsearch indexes?  For example, restricting access to a particular index to a specific SG user or SG group? 

Looking at the documents, it appears that I could use the REST api to create roles that restrict access to specific indexes and then assign those roles to a user - is that correct?

thanks!

[Jochen Kressin]

Yes, the most common way is to:

1. Create Search Guard roles that implement the access restrictions you want

https://docs.search-guard.com/latest/roles-permissions

https://docs.search-guard.com/latest/rest-api-roles

2. Map users by their username or backend roles to the Search Guard roles defined in 1)

https://docs.search-guard.com/latest/mapping-users-roles

https://docs.search-guard.com/latest/rest-api-roles-mapping

As a side note, you can also skip the step of mapping users to SG roles, for example, if you want to use LDAP or AD group names directly:

https://docs.search-guard.com/latest/role-mapping-modes

But that is a special case and really only useful for the said LDAP/AD case.

[furong...@gmail.com]

 The community version support the REST API ?

在 2019年2月20日星期三 UTC+8上午2:11:05，Jochen Kressin写道：

[SG]

no, that is an enterprise feature

Please see https://search-guard.com/product/ for a comparison matrix

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/94879316-2c3b-43c8-a3b4-9dda0337f0b2%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[furong...@gmail.com]

thanks a lot

在 2019年3月5日星期二 UTC+8上午7:33:44，Search Guard写道：