
Role-based access control in Elasticsearch - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
What is the output of this role definition query?
Given the following Elasticsearch role definition, what will be the effective cluster privileges for the role named data_analyst?
Elasticsearch
{
  "data_analyst": {
    "cluster": ["monitor"],
    "indices": [
      {
        "names": ["sales-*"],
        "privileges": ["read", "view_index_metadata"]
      }
    ]
  }
}
A. ["all"]
B. ["monitor"]
C. ["monitor", "read", "view_index_metadata"]
D. ["read", "view_index_metadata"]
💡 Hint
Cluster privileges and index privileges are separate in Elasticsearch roles.
Predict Output
intermediate
What error occurs when assigning an invalid privilege?
Consider this role definition snippet in Elasticsearch. What error will Elasticsearch return when trying to create this role?
Elasticsearch
{
  "invalid_role": {
    "cluster": ["invalid_privilege"],
    "indices": [
      {
        "names": ["logs-*"],
        "privileges": ["read"]
      }
    ]
  }
}
A. 400 Bad Request with message 'unknown cluster privilege [invalid_privilege]'
B. Role created successfully with no errors
C. 500 Internal Server Error
D. 403 Forbidden error
💡 Hint
Elasticsearch validates privileges strictly when creating roles.
🚀 Application
advanced
How to restrict a role to only write access on specific indices?
You want to create a role that allows users to only write data to indices starting with app-logs- but no read or delete access. Which role definition below achieves this?
A
{
  "write_only_role": {
    "cluster": [],
    "indices": [
      {
        "names": ["app-logs-*"],
        "privileges": ["write", "read"]
      }
    ]
  }
}
B
{
  "write_only_role": {
    "cluster": [],
    "indices": [
      {
        "names": ["app-logs-*"],
        "privileges": ["create", "index"]
      }
    ]
  }
}
C
{
  "write_only_role": {
    "cluster": ["write"],
    "indices": [
      {
        "names": ["app-logs-*"],
        "privileges": ["write"]
      }
    ]
  }
}
D
{
  "write_only_role": {
    "cluster": [],
    "indices": [
      {
        "names": ["app-logs-*"],
        "privileges": ["write"]
      }
    ]
  }
}
💡 Hint
Cluster privileges are not needed for index write access. Use only index privileges.
🔧 Debug
advanced
Why does this role fail to grant read access on indices?
This role is intended to allow read access on indices named user-data-*, but users report they cannot read those indices. What is the cause?
Elasticsearch
{
  "user_reader": {
    "cluster": ["monitor"],
    "indices": [
      {
        "names": ["user-data-*"],
        "privileges": ["read"]
      }
    ]
  }
}
A. Cluster privileges must include 'read' to allow index reading
B. The 'privileges' field is missing 'view_index_metadata'
C. The 'names' field should be a list, not a string
D. The role name 'user_reader' is reserved and cannot be used
💡 Hint
Check the data type of the 'names' field in the indices array.
🧠 Conceptual
expert
What is the effect of overlapping roles with conflicting privileges?
If a user is assigned two roles: one grants read access on logs-* indices, and another denies read access on logs-2023-* indices, what will be the user's effective access to logs-2023-01?
A. The user will be denied read access because deny privileges take precedence
B. The user will have read access because allow privileges override deny
C. The user will have read access only if the roles are merged manually
D. The user will have no access because conflicting roles cause an error
💡 Hint
In Elasticsearch, deny rules override allow rules when conflicts occur.