Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Moving cluster indices permission to cluster section #1656 #7161

Merged
merged 10 commits into from
Jun 5, 2024
Merged

Moving cluster indices permission to cluster section #1656 #7161

Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
6a8f936
Moving cluster indices permission to cluster section #1656
AntonEliatra May 15, 2024
81f9ec7
updating index and cluster permissions
AntonEliatra May 21, 2024
017ed43
removing empty space
AntonEliatra May 21, 2024
655de6b
fixing vale errors
AntonEliatra May 21, 2024
48da417
adding more permissions to the list
AntonEliatra May 21, 2024
2a13d8a
Apply suggestions from code review
AntonEliatra May 28, 2024
64f6a8b
Apply suggestions from code review
Naarcha-AWS May 29, 2024
85f0c04
Apply suggestions from code review
AntonEliatra Jun 5, 2024
f492089
Update permissions.md
AntonEliatra Jun 5, 2024
f0acb6d
Update _security/access-control/permissions.md
AntonEliatra Jun 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 29 additions & 13 deletions _security/access-control/permissions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,26 @@ Cross-references to API documentation in the permissions that follow are only in
{: .note }


### Cluster wide index permissions

| **Permission** | **Description** |
| :--- | :--- |
| `indices:admin/template/delete` | Permission to [delete index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#delete-a-template). |
| `indices:admin/template/get` | Permission to [get index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#retrieve-a-template). |
| `indices:admin/template/put` | Permission to [create index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#create-a-template). |
| `indices:data/read/scroll` | Permission to scroll through data. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/scroll/clear` | Permission to clear the scroll object. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/mget` | Permission to run [multiple GET operations]({{site.url}}{{site.baseurl}}/api-reference/document-apis/multi-get/) in one request. |
| `indices:data/read/mget*` | Permission to run multiple GET operations in one request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/msearch` | Permission to run [multiple search]({{site.url}}{{site.baseurl}}/api-reference/multi-search/) requests in a single API request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/msearch/template` | Permission to bundle [multiple search templates]({{site.url}}{{site.baseurl}}/api-reference/search-template/#multiple-search-templates) and send them to your OpenSearch cluster in a single request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/mtv` | Permission to retrieve multiple term vectors with a single request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/mtv*` | Permission to retrieve multiple term vectors with a single request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/search/template/render` | Permission to render search templates. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/write/bulk` | Permission to run a [bulk]({{site.url}}{{site.baseurl}}/api-reference/document-apis/bulk/) request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/write/bulk*` | Permission to run a bulk request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/write/reindex` | Permission to run a [reindex]({{site.url}}{{site.baseurl}}/im-plugin/reindex-data/) operation. |

### Ingest API permissions

See [Ingest APIs]({{site.url}}{{site.baseurl}}/api-reference/ingest-apis/index/).
Expand Down Expand Up @@ -476,36 +496,32 @@ These permissions apply to an index or index pattern. You might want a user to h
| `indices:admin/seq_no/global_checkpoint_sync` | Permission to perform a global checkpoint sync. |
| `indices:admin/settings/update` | Permission to [update index settings]({{site.url}}{{site.baseurl}}/api-reference/index-apis/update-settings/). |
| `indices:admin/shards/search_shards` | Permission to perform [cross cluster search]({{site.url}}{{site.baseurl}}/security/access-control/cross-cluster-search/). |
| `indices:admin/template/delete` | Permission to [delete index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#delete-a-template). |
| `indices:admin/template/get` | Permission to [get index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#retrieve-a-template). |
| `indices:admin/template/put` | Permission to [create index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#create-a-template). |
| `indices:admin/upgrade` | Permission for administrators to perform upgrades. |
| `indices:admin/validate/query` | Permission to validate a specific query. |
| `indices:data/read/explain` | Permission to run the [Explain API]({{site.url}}{{site.baseurl}}/api-reference/explain/). |
| `indices:data/read/field_caps` | Permission to run the [Field Capabilities API]({{site.url}}{{site.baseurl}}/field-types/supported-field-types/alias/#using-aliases-in-field-capabilities-api-operations). |
| `indices:data/read/field_caps*` | Permission to run the Field Capabilities API. |
| `indices:data/read/get` | Permission to read index data. |
| `indices:data/read/mget` | Permission to run [multiple GET operations]({{site.url}}{{site.baseurl}}/api-reference/document-apis/multi-get/) in one request. |
| `indices:data/read/mget*` | Permission to run multiple GET operations in one request. |
| `indices:data/read/msearch` | Permission to run [multiple search]({{site.url}}{{site.baseurl}}/api-reference/multi-search/) requests into a single request. |
| `indices:data/read/msearch/template` | Permission to bundle [multiple search templates]({{site.url}}{{site.baseurl}}/api-reference/search-template/#multiple-search-templates) and send them to your OpenSearch cluster in a single request. |
| `indices:data/read/mtv` | Permission to retrieve multiple term vectors with a single request. |
| `indices:data/read/mtv*` | Permission to retrieve multiple term vectors with a single request. |
| `indices:data/read/mget*` | Permission to run multiple GET operations in one request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/msearch` | Permission to run [multiple search]({{site.url}}{{site.baseurl}}/api-reference/multi-search/) requests in a single request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/msearch/template` | Permission to bundle [multiple search templates]({{site.url}}{{site.baseurl}}/api-reference/search-template/#multiple-search-templates) and send them to your OpenSearch cluster in a single request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/mtv` | Permission to retrieve multiple term vectors with a single request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/mtv*` | Permission to retrieve multiple term vectors with a single request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/plugins/replication/file_chunk` | Permission to check files during segment replication. |
| `indices:data/read/plugins/replication/changes` | Permission to make changes to segment replication settings. |
| `indices:data/read/scroll` | Permission to scroll data. |
| `indices:data/read/scroll/clear` | Permission to clear read scroll data. |
| `indices:data/read/scroll` | Permission to scroll through data. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/scroll/clear` | Permission to clear the scroll object. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/read/search` | Permission to [search]({{site.url}}{{site.baseurl}}/api-reference/search/) data. |
| `indices:data/read/search*` | Permission to search data. |
| `indices:data/read/search/template` | Permission to read a search template. |
| `indices:data/read/tv` | Permission to retrieve information and statistics for terms in the fields of a particular document. |
| `indices:data/write/bulk` | Permission to run a [bulk]({{site.url}}{{site.baseurl}}/api-reference/document-apis/bulk/) request. |
| `indices:data/write/bulk*` | Permission to run a bulk request. |
| `indices:data/write/delete` | Permission to [delete documents]({{site.url}}{{site.baseurl}}/api-reference/document-apis/delete-document/). |
| `indices:data/write/delete/byquery` | Permission to delete all documents that [match a query]({{site.url}}{{site.baseurl}}/api-reference/document-apis/delete-by-query/). |
| `indices:data/write/plugins/replication/changes` | Permission to change data replication configurations and settings within indexes. |
| `indices:data/write/bulk` | Permission to run a [bulk]({{site.url}}{{site.baseurl}}/api-reference/document-apis/bulk/) request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/write/bulk*` | Permission to run a bulk request. This setting must be configured as both a cluster- and index-level permission. |
| `indices:data/write/index` | Permission to add documents to existing indexes. See also [Index document]( {{site.url}}{{site.baseurl}}/api-reference/document-apis/index-document/ ). |
| `indices:data/write/reindex` | Permission to run a [reindex]({{site.url}}{{site.baseurl}}/im-plugin/reindex-data/). |
| `indices:data/write/update` | Permission to update an index. |
| `indices:data/write/update/byquery` | Permission to run the script to update all of the documents that [match the query]({{site.url}}{{site.baseurl}}/api-reference/document-apis/update-by-query/). |
| `indices:monitor/data_stream/stats` | Permission to stream stats. |
Expand Down
Loading