Elasticsearch User and Role Privilege API

Read-write role

This role does not need privileges for workspaces such as Dev Tools.

POST /_security/role/app_user
{
  "cluster": [
    "monitor"
  ],
  "indices": [
    {
      "names": [
        "index1",
        "index2"
      ],
      "privileges": [
        "create",
        "create_doc",
        "create_index",
        "delete",
        "index",
        "read",
        "write",
        "view_index_metadata",
        "monitor"
      ]
    }
  ]
}

Read-write user

# Create the user and assign the app_user role (replace the sample password with a strong one)
POST /_security/user/app_user?pretty
{
  "password": "123456",
  "full_name": "业务用户",
  "roles": ["app_user"]
}

Read-only role

Can access Dev Tools but cannot download or export CSV files.

POST /_security/role/developer
{
  "cluster": [],
  "indices": [
    {
      "names": [
        "index1",
        "index2"
      ],
      "privileges": [
        "read",
        "view_index_metadata",
        "monitor"
      ]
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_discover.all",
        "feature_dev_tools.all"
      ],
      "resources": [
        "space:default"
      ]
    }
  ]
}

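Read-only role that can export CSV files

Can access Dev Tools, and can save and download CSV files. This request reuses the role name developer, so it replaces the read-only definition above rather than creating a second role.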

POST /_security/role/developer
{
  "cluster": [],
  "indices": [
    {
      "names": [
        "index1",
        "index2"
      ],
      "privileges": [
        "read",
        "view_index_metadata"
      ]
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_discover.all",
        "feature_savedObjectsManagement.all",
        "feature_dev_tools.all"
      ],
      "resources": [
        "space:default"
      ]
    }
  ]
}

Role and user privileges for the OSS version of ES

Create a role

Read-write role

PUT _opendistro/_security/api/roles/app_user
{
  "cluster_permissions": [
    "cluster_monitor",
    "indices_monitor"
  ],
  "index_permissions": [
    {
      "index_patterns": [
        "*"
      ],
      "dls": "",
      "fls": [],
      "masked_fields": [],
      "allowed_actions": [
        "read",
        "create_index",
        "cluster_monitor",
        "indices_monitor",
        "write",
        "get",
        "search",
        "indices:data/write/update",
        "indices:data/write/index",
        "indices:data/write/bulk",
        "indices:admin/get",
        "indices:data/read/search*",
        "indices:admin/mapping/put",
        "indices:data/read/get",
        "indices:admin/refresh*"
      ]
    }
  ],
  "tenant_permissions": [
    {
      "tenant_patterns": [
        ""
      ],
      "allowed_actions": [
        ""
      ]
    }
  ]
}

Bind the user to the role

# Create the user
PUT _opendistro/_security/api/internalusers/app_user
{
  "password": "123456"
}

# Map the user to the role
PUT _opendistro/_security/api/rolesmapping/app_user
{
  "users" : [ "app_user" ]
}

# Remove the role's user mapping
DELETE _opendistro/_security/api/rolesmapping/app_user
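
The role bodies on this page can be linted offline for least-privilege problems before they are sent to the cluster. The following is an added example, not code from the original post: audit_role, index_grants, can_write and the BAD_READER sample are hypothetical names introduced here, and the set of write-capable privileges is an assumption that covers the names used on this page.

```python
# Added example: offline least-privilege lint for role bodies (not the author's code).
# Assumption: privilege names treated as able to modify data or indices; extend as needed.
WRITE_PRIVS = {"all", "manage", "write", "index", "create", "create_doc",
               "create_index", "delete", "delete_index"}

def index_grants(body):
    """Yield (patterns, privileges) for X-Pack and Open Distro role bodies."""
    for g in body.get("indices", []):                 # X-Pack format
        yield g.get("names", []), g.get("privileges", [])
    for g in body.get("index_permissions", []):       # Open Distro format
        yield g.get("index_patterns", []), g.get("allowed_actions", [])

def can_write(priv):
    """True for write-capable privilege names or raw write/mapping actions."""
    return priv in WRITE_PRIVS or priv.startswith(
        ("indices:data/write", "indices:admin/mapping/put"))

def audit_role(name, body, read_only=False):
    """Return a list of findings for one role definition."""
    findings = []
    for patterns, privs in index_grants(body):
        if "*" in patterns:
            findings.append(f"{name}: grant applies to every index {patterns}")
        if read_only:
            bad = sorted(p for p in privs if can_write(p))
            if bad:
                findings.append(f"{name}: read-only role can write via {bad}")
    return findings

# Role bodies abridged from the requests on this page.
DEVELOPER = {"cluster": [], "indices": [{
    "names": ["index1", "index2"],
    "privileges": ["read", "view_index_metadata", "monitor"]}]}
OSS_APP_USER = {"index_permissions": [{
    "index_patterns": ["*"],
    "allowed_actions": ["read", "write", "indices:data/write/bulk"]}]}
# Constructed counter-example: a "read-only" role that slipped in a write privilege.
BAD_READER = {"indices": [{"names": ["index1"], "privileges": ["read", "delete"]}]}

if __name__ == "__main__":
    for role, body, ro in [("developer", DEVELOPER, True),
                           ("app_user (OSS)", OSS_APP_USER, False),
                           ("bad_reader", BAD_READER, True)]:
        for line in audit_role(role, body, ro) or [f"{role}: no findings"]:
            print(line)
```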

Title: Elasticsearch User and Role Privilege API
Author: zifuy
URL: https://www.zifuy.cn/articles/2023/08/09/1691550955118.html