You want to create a role that allows a user to read from all indexes starting with prod- but only write to prod-logs. Which role definition is correct?

Hard · Application · Q15 of Q15
Elasticsearch - Security
A. { "cluster": ["all"], "indices": [ {"names": ["prod-logs"], "privileges": ["read", "write"]} ] }
B. { "cluster": ["monitor"], "indices": [ {"names": ["prod-logs"], "privileges": ["read", "write"]}, {"names": ["prod-*"], "privileges": ["read", "write"]} ] }
C. { "cluster": ["monitor"], "indices": [ {"names": ["prod-*"], "privileges": ["read"]}, {"names": ["prod-logs"], "privileges": ["write"]} ] }
D. { "cluster": ["monitor"], "indices": [ {"names": ["prod-*"], "privileges": ["write"]} ] }
Step-by-Step Solution
Solution:
  1. Step 1: Understand the requirement

    User needs read access on all 'prod-*' indexes and write only on 'prod-logs'.
  2. Step 2: Check each option

    Option C, { "cluster": ["monitor"], "indices": [ {"names": ["prod-*"], "privileges": ["read"]}, {"names": ["prod-logs"], "privileges": ["write"]} ] }, correctly assigns 'read' to 'prod-*' and 'write' to 'prod-logs'.
    Option A, { "cluster": ["all"], "indices": [ {"names": ["prod-logs"], "privileges": ["read", "write"]} ] }, gives the cluster privilege 'all', which is too broad.
    Option B, { "cluster": ["monitor"], "indices": [ {"names": ["prod-logs"], "privileges": ["read", "write"]}, {"names": ["prod-*"], "privileges": ["read", "write"]} ] }, incorrectly grants 'read' and 'write' to all 'prod-*' indexes.
    Option D, { "cluster": ["monitor"], "indices": [ {"names": ["prod-*"], "privileges": ["write"]} ] }, wrongly gives 'write' to all 'prod-*' indexes.
  3. Final Answer:

    { "cluster": ["monitor"], "indices": [ {"names": ["prod-*"], "privileges": ["read"]}, {"names": ["prod-logs"], "privileges": ["write"]} ] } -> Option C
  4. Quick Check:

    Read on prod-* + write on prod-logs = correct role [OK]
Quick Trick: Use wildcard for read, specific index for write [OK]
Common Mistakes:
  • Giving write privilege to all prod-* indexes
  • Using cluster 'all' unnecessarily
  • Mixing up index names and privileges
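
Added example, not part of the original quiz: a small Python model that resolves each of the four role definitions to effective index access and compares it with the requirement. It relies on index privilege entries in a role being additive, treats only '*' as a wildcard (a simplification), and uses constructed index names; the helper names are hypothetical.

```python
import re

# The four role definitions from the question (options A-D).
OPTIONS = {
    "A": {"cluster": ["all"], "indices": [
        {"names": ["prod-logs"], "privileges": ["read", "write"]}]},
    "B": {"cluster": ["monitor"], "indices": [
        {"names": ["prod-logs"], "privileges": ["read", "write"]},
        {"names": ["prod-*"], "privileges": ["read", "write"]}]},
    "C": {"cluster": ["monitor"], "indices": [
        {"names": ["prod-*"], "privileges": ["read"]},
        {"names": ["prod-logs"], "privileges": ["write"]}]},
    "D": {"cluster": ["monitor"], "indices": [
        {"names": ["prod-*"], "privileges": ["write"]}]},
}
SAMPLE_INDICES = ["prod-logs", "prod-metrics", "dev-logs"]  # constructed names


def name_matches(pattern, index):
    """Simplified matcher (assumption): only '*' acts as a wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, index) is not None


def allowed(role, index, privilege):
    """Grants are additive: any matching entry listing the privilege allows it."""
    return any(
        privilege in entry["privileges"]
        and any(name_matches(p, index) for p in entry["names"])
        for entry in role["indices"]
    )


def violations(role):
    """Return (index, privilege, 'missing'|'excess') where the role deviates."""
    problems = []
    for index in SAMPLE_INDICES:
        wanted = {"read": index.startswith("prod-"), "write": index == "prod-logs"}
        for priv, want in wanted.items():
            if allowed(role, index, priv) != want:
                problems.append((index, priv, "missing" if want else "excess"))
    if "all" in role["cluster"]:
        problems.append(("<cluster>", "all", "excess"))
    return problems


if __name__ == "__main__":
    for letter, role in OPTIONS.items():
        print(letter, violations(role) or "meets the requirement")
```

Option B fails here because its 'prod-*' entry adds write on every prod- index; the narrower 'prod-logs' entry beside it restricts nothing.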
