Role-based access control in Elasticsearch

Introduction

Role-based access control (RBAC) helps you control who can see or change data in Elasticsearch. It keeps your data safe by giving different permissions to different users.

You want to let some users only read data but not change it.
You need to allow some users to add or delete data but not access all parts.
You want to manage permissions easily by grouping users into roles.
You want to protect sensitive data from unauthorized access.
You want to audit who accessed or changed data based on roles.

Syntax
Elasticsearch
PUT /_security/role/{role_name}
{
  "cluster": ["permission1", "permission2"],
  "indices": [
    {
      "names": ["index1", "index2"],
      "privileges": ["privilege1", "privilege2"]
    }
  ],
  "applications": [
    {
      "application": "app_name",
      "privileges": ["app_privilege"],
      "resources": ["resource1"]
    }
  ]
}

The cluster field defines privileges for cluster-wide actions such as monitoring.

The indices field controls which indexes a role can access and which actions are allowed on them.

The applications field grants application-specific privileges on named resources.

Examples
This role lets users read any index starting with 'logs-'. They cannot change data or access other indexes.
Elasticsearch
PUT /_security/role/read_only
{
  "cluster": [],
  "indices": [
    {
      "names": ["logs-*"],
      "privileges": ["read"]
    }
  ]
}

This role gives full control over the cluster and all indexes. Use it for trusted administrators only.
Elasticsearch
PUT /_security/role/admin_role
{
  "cluster": ["all"],
  "indices": [
    {
      "names": ["*"],
      "privileges": ["all"]
    }
  ]
}

This role allows reading and writing to the 'app-data' index and grants the 'read_data' privilege of the 'my_app' application on 'resource1'.
Elasticsearch
PUT /_security/role/app_user
{
  "cluster": [],
  "indices": [
    {
      "names": ["app-data"],
      "privileges": ["read", "write"]
    }
  ],
  "applications": [
    {
      "application": "my_app",
      "privileges": ["read_data"],
      "resources": ["resource1"]
    }
  ]
}

Sample Program

This example creates a role named 'marketing_analyst' that can only read the 'marketing-data' index. Then it creates a user 'jane_doe' with that role. Jane can search the marketing data but cannot change it. The password shown is a placeholder; choose a strong, unique one for real users.

Elasticsearch
PUT /_security/role/marketing_analyst
{
  "cluster": [],
  "indices": [
    {
      "names": ["marketing-data"],
      "privileges": ["read"]
    }
  ]
}

PUT /_security/user/jane_doe
{
  "password": "securePass123",
  "roles": ["marketing_analyst"]
}

GET /marketing-data/_search
{
  "query": {
    "match_all": {}
  }
}

Output

Success

Important Notes

Always assign the fewest permissions a user needs (least privilege) to keep your data safe.

Roles can be combined by assigning multiple roles to a user; the user then has the permissions of all of them.

Test roles with a user to make sure permissions work as expected.
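
The notes above can be rehearsed offline before any role is created. This Python sketch is an added example, not part of the original tutorial or of Elasticsearch: it takes the role bodies from this page, unions the index privileges across a user's roles, and flags grants broader than least privilege. It assumes a simplified model (only `*` wildcards, privileges compared by name, `all` covering everything), and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Role bodies copied from the requests on this page (cluster and indices only).
ROLES = {
    "read_only": {"cluster": [], "indices": [
        {"names": ["logs-*"], "privileges": ["read"]}]},
    "admin_role": {"cluster": ["all"], "indices": [
        {"names": ["*"], "privileges": ["all"]}]},
    "app_user": {"cluster": [], "indices": [
        {"names": ["app-data"], "privileges": ["read", "write"]}]},
    "marketing_analyst": {"cluster": [], "indices": [
        {"names": ["marketing-data"], "privileges": ["read"]}]},
}

def effective_privileges(role_names, index, roles=ROLES):
    """Union of the index privileges the given roles grant on one index name."""
    granted = set()
    for role in role_names:
        for entry in roles[role]["indices"]:
            # Simplification: only '*' wildcards, as used in this page's roles.
            if any(fnmatchcase(index, pattern) for pattern in entry["names"]):
                granted.update(entry["privileges"])
    return granted

def is_allowed(role_names, index, privilege, roles=ROLES):
    """Simplification: privileges match by name; only 'all' implies others."""
    granted = effective_privileges(role_names, index, roles)
    return "all" in granted or privilege in granted

def audit(roles=ROLES):
    """List (role, reason) pairs for grants broader than least privilege."""
    findings = []
    for name, body in sorted(roles.items()):
        if "all" in body.get("cluster", []):
            findings.append((name, "cluster privilege 'all'"))
        for entry in body.get("indices", []):
            if "*" in entry["names"] and "all" in entry["privileges"]:
                findings.append((name, "'all' on every index ('*')"))
    return findings

if __name__ == "__main__":
    print(is_allowed(["marketing_analyst"], "marketing-data", "write"))
    print(sorted(effective_privileges(["marketing_analyst", "app_user"], "app-data")))
    for role, reason in audit():
        print(f"review {role}: {reason}")
```

On a live cluster, the decision that counts is the one Elasticsearch makes for requests sent with the user's own credentials; this model only helps review role definitions beforehand.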

Summary

RBAC controls who can do what in Elasticsearch by assigning roles.

Roles define permissions on cluster, indexes, and applications.

Use RBAC to keep your data secure and organized.