all

All cluster administration operations, like snapshotting, node shutdown/restart, settings update, rerouting, or managing users and roles.

create_snapshot

Privileges to create snapshots for existing repositories. Can also list and view details on existing repositories and snapshots.

monitor_snapshot

Privileges to list and view details on existing repositories and snapshots.

manage

Builds on monitor and adds cluster operations that change values in the cluster. This includes snapshotting, updating settings, and rerouting. It also includes obtaining snapshot and restore status. This privilege does not include the ability to manage security.

manage_api_key

All security-related operations on Elasticsearch API keys including creating new API keys, retrieving information about API keys, and invalidating API keys.

manage_ccr

All cross-cluster replication operations related to managing follower indices and auto-follow patterns. It also includes the authority to grant the privileges necessary to manage follower indices and auto-follow patterns. This privilege is necessary only on clusters that contain follower indices.

manage_transform

All operations related to managing transforms.

manage_ilm

All index lifecycle management operations related to managing policies.

manage_index_templates

All operations on index templates.

manage_ingest_pipelines

All operations on ingest node pipelines.

manage_ml

All machine learning operations, such as creating and deleting datafeeds, jobs, and model snapshots.

manage_own_api_key

All security-related operations on Elasticsearch API keys that are owned by the current authenticated user. The operations include creating new API keys, retrieving information about API keys, and invalidating API keys.

manage_pipeline

All operations on ingest pipelines.

manage_rollup

All rollup operations, including creating, starting, stopping and deleting rollup jobs.

manage_saml

Enables the use of internal Elasticsearch APIs to initiate and manage SAML authentication on behalf of other users.

manage_security

All security-related operations such as CRUD operations on users and roles and cache clearing.

manage_token

All security-related operations on tokens that are generated by the Elasticsearch Token Service.

manage_watcher

All watcher operations, such as putting watches, executing, activate or acknowledging.

monitor

All cluster read-only operations, like cluster health and state, hot threads, node info, node and cluster stats, and pending cluster tasks.

monitor_transform

All read-only operations related to transforms.

monitor_ml

All read-only machine learning operations, such as getting information about datafeeds, jobs, model snapshots, or results.

monitor_rollup

All read-only rollup operations, such as viewing the list of historical and currently running rollup jobs and their capabilities.

monitor_watcher

All read-only watcher operations, such as getting a watch and watcher stats.

read_ccr

All read-only cross-cluster replication operations, such as getting information about indices and metadata for leader indices in the cluster. It also includes the authority to check whether users have the appropriate privileges to follow leader indices. This privilege is necessary only on clusters that contain leader indices.

read_ilm

All read-only index lifecycle management operations, such as getting policies and checking the status of index lifecycle management

transport_client

All privileges necessary for a transport client to connect. Required by the remote cluster to enable Cross Cluster Search.

all

Any action on an index

create

Privilege to index documents. Also grants access to the update mapping action.

create_doc

Privilege to index documents. Also grants access to the update mapping action. However, it does not enable a user to update existing documents.

create_index

Privilege to create an index. A create index request may contain aliases to be added to the index once created. In that case the request requires the manage privilege as well, on both the index and the aliases names.

delete

Privilege to delete documents.

delete_index

Privilege to delete an index.

index

Privilege to index and update documents. Also grants access to the update mapping action.

maintenance

Permits refresh, flush, synced flush and force merge index administration operations. No privilege to read or write index data or otherwise manage the index.

manage

All monitor privileges plus index administration (aliases, analyze, cache clear, close, delete, exists, flush, mapping, open, force merge, refresh, settings, search shards, templates, validate).

manage_follow_index

All actions that are required to manage the lifecycle of a follower index, which includes creating a follower index, closing it, and converting it to a regular index. This privilege is necessary only on clusters that contain follower indices.

manage_ilm

All index lifecycle management operations relating to managing the execution of policies of an index This includes operations like retrying policies, and removing a policy from an index.

manage_leader_index

All actions that are required to manage the lifecycle of a leader index, which includes forgetting a follower. This privilege is necessary only on clusters that contain leader indices.

monitor

All actions that are required for monitoring (recovery, segments info, index stats and status).

read

Read-only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi percolate/search/termvector, percolate, scroll, clear_scroll, search, suggest, tv).

read_cross_cluster

Read-only access to the search action from a remote cluster.

view_index_metadata

Read-only access to index metadata (aliases, aliases exists, get index, exists, field mappings, mappings, search shards, type exists, validate, warmers, settings, ilm). This privilege is primarily available for use by Kibana users.

write

Privilege to perform all write operations to documents, which includes the permission to index, update, and delete documents as well as performing bulk operations. Also grants access to the update mapping action.