How to Use Role Based Access Control in Elasticsearch
To use role based access control (RBAC) in Elasticsearch, define roles with specific privileges and assign them to users. Use the _security/role API to create roles and the _security/user API to assign roles, controlling access to indices and cluster actions.

Syntax
RBAC in Elasticsearch involves creating roles that specify privileges and then assigning these roles to users. The main APIs are:
- PUT /_security/role/{role_name}: Create or update a role with privileges.
- POST /_security/user/{username}: Create or update a user and assign roles.
Roles define what actions a user can perform on indices or cluster level.
```json
PUT /_security/role/{role_name}
{
  "cluster": ["all"],
  "indices": [
    {
      "names": ["index1"],
      "privileges": ["read", "write"]
    }
  ]
}

POST /_security/user/{username}
{
  "password": "user_password",
  "roles": ["{role_name}"],
  "full_name": "User Full Name"
}
```

Example
This example creates a role named read_only that allows read access to the logs-* indices, then creates a user log_reader with that role.
```json
PUT /_security/role/read_only
{
  "cluster": [],
  "indices": [
    {
      "names": ["logs-*"],
      "privileges": ["read"]
    }
  ]
}

POST /_security/user/log_reader
{
  "password": "securePass123",
  "roles": ["read_only"],
  "full_name": "Log Reader"
}
```

Output
```json
{
  "acknowledged": true
}

{
  "username": "log_reader",
  "roles": ["read_only"],
  "full_name": "Log Reader",
  "enabled": true
}
```
Common Pitfalls
Common mistakes when using RBAC in Elasticsearch include:
- Not assigning any roles to users, resulting in no access.
- Unintentionally using overly broad privileges such as `all` at the cluster level.
- Forgetting to enable security features in the Elasticsearch configuration (`xpack.security.enabled: true`).
- Not specifying correct index patterns in roles, causing denied access.

Always test user access after role assignment.
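The role and user calls from the Syntax and Example sections, the least-privilege review implied by the pitfalls above, and the "test user access" step, combined into one provisioning script. This is an added example, not code from this page or from Elastic: it uses only the Python standard library; the cluster URL in `ES_URL` and the admin credentials in `ADMIN_AUTH` are placeholders; the privilege sets `BROAD_CLUSTER` and `BROAD_INDEX` and the helper names (`build_role`, `provision`, `verify_read_only`, `make_fake_send`, `run_demo`) are this example's own choices; and the access check uses the has-privileges API (`/_security/user/_has_privileges`), which the page itself does not mention. `make_fake_send` returns constructed responses so the script runs offline; pass `es_send` to `run_demo` to talk to a real cluster.

```python
"""Provision an Elasticsearch role and user via the _security API, refuse
over-broad roles before sending them, and verify the grant as the new user.
Added example for this page (not Elastic's client code); standard library only."""
import base64
import json
import urllib.error
import urllib.request

# Constructed placeholders: point these at your cluster and admin account.
ES_URL = "https://localhost:9200"
ADMIN_AUTH = ("elastic", "ADMIN_PASSWORD_PLACEHOLDER")

# Privileges a provisioning script should not hand out without review
# (this example's own choice of what counts as "overly broad").
BROAD_CLUSTER = {"all", "manage", "manage_security"}
BROAD_INDEX = {"all", "manage"}


def build_role(index_patterns, privileges, cluster=()):
    """Body for PUT /_security/role/{role_name}, in the shape shown above."""
    return {
        "cluster": list(cluster),
        "indices": [{"names": list(index_patterns), "privileges": list(privileges)}],
    }


def build_user(password, roles, full_name=""):
    """Body for POST /_security/user/{username}."""
    return {"password": password, "roles": list(roles), "full_name": full_name}


def role_findings(role):
    """Least-privilege review of a role body; an empty list means no concerns."""
    findings = []
    for priv in role.get("cluster", []):
        if priv in BROAD_CLUSTER:
            findings.append(f"cluster privilege '{priv}' is broader than most roles need")
    for entry in role.get("indices", []):
        names, privs = entry.get("names", []), entry.get("privileges", [])
        if "*" in names:
            findings.append("index pattern '*' matches every non-restricted index")
        for priv in privs:
            if priv in BROAD_INDEX:
                findings.append(f"index privilege '{priv}' on {names} includes management actions")
    return findings


def es_send(method, path, body, auth):
    """Real transport: one request against ES_URL; returns (status, parsed JSON)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ES_URL + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def provision(send, role_name, role, username, user):
    """Create the role, then the user; raises before sending an over-broad role."""
    findings = role_findings(role)
    if findings:
        raise ValueError("role rejected: " + "; ".join(findings))
    status, _ = send("PUT", f"/_security/role/{role_name}", role, ADMIN_AUTH)
    if status != 200:
        raise RuntimeError(f"role create failed with HTTP {status}")
    status, _ = send("POST", f"/_security/user/{username}", user, ADMIN_AUTH)
    if status != 200:
        raise RuntimeError(f"user create failed with HTTP {status}")


def verify_read_only(send, username, password, index_pattern):
    """As the new user, ask has-privileges whether read is granted and write denied."""
    body = {"index": [{"names": [index_pattern], "privileges": ["read", "write"]}]}
    status, resp = send("POST", "/_security/user/_has_privileges", body, (username, password))
    if status != 200:
        return False
    granted = resp.get("index", {}).get(index_pattern, {})
    return granted.get("read") is True and granted.get("write") is False


def make_fake_send(log):
    """Offline stand-in for es_send: records (method, path, user) and answers
    with constructed responses shaped like the cluster's."""
    def fake_send(method, path, body, auth):
        log.append((method, path, auth[0]))
        if path.endswith("/_has_privileges"):
            pattern = body["index"][0]["names"][0]
            return 200, {"username": auth[0], "has_all_requested": False,
                         "index": {pattern: {"read": True, "write": False}}}
        return 200, {"acknowledged": True}
    return fake_send


def run_demo(send=None):
    """Provision read_only/log_reader and verify; returns (call log, verified)."""
    calls = []
    send = send or make_fake_send(calls)  # pass es_send for a real cluster
    role = build_role(["logs-*"], ["read"])
    user = build_user("securePass123", ["read_only"], "Log Reader")
    provision(send, "read_only", role, "log_reader", user)
    return calls, verify_read_only(send, "log_reader", "securePass123", "logs-*")


if __name__ == "__main__":
    calls, ok = run_demo()
    print("calls:", calls, "verified read-only:", ok)
    print("bad role findings:", role_findings(build_role(["*"], ["all"], cluster=["all"])))
```

The guard in `provision` is the point: a role that names `*` with the `all` privilege, or grants `all` at cluster level, never reaches the API, and the has-privileges check confirms that the user ended up with exactly read and not write on the pattern.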
```json
PUT /_security/role/bad_role
{
  "cluster": ["all"],
  "indices": [
    {
      "names": ["*"],
      "privileges": ["all"]
    }
  ]
}
# This grants too many permissions unintentionally.
# Correct approach:
PUT /_security/role/limited_role
{
  "cluster": [],
  "indices": [
    {
      "names": ["app-logs-*"],
      "privileges": ["read"]
    }
  ]
}
```

Quick Reference
| API | Purpose | Example Endpoint |
|---|---|---|
| Create/Update Role | Define privileges for roles | PUT /_security/role/{role_name} |
| Create/Update User | Assign roles to users | POST /_security/user/{username} |
| Get Roles | List all roles | GET /_security/role |
| Get Users | List all users | GET /_security/user |
Key Takeaways
- Enable security features in Elasticsearch before using RBAC.
- Create roles with specific privileges to control access precisely.
- Assign roles to users to grant them permissions.
- Test user access to ensure roles work as expected.
- Avoid using overly broad privileges to maintain security.