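Original English version: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/slm-and-security.html. Copyright of the original document belongs to www.elastic.co.
Local English version: ../en/slm-and-security.html
Important: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.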
Security and SLM
Two built-in cluster privileges control access to the SLM actions when Elasticsearch security features are enabled:
- manage_slm: Allows a user to perform all SLM actions, including creating and updating policies and starting and stopping SLM.
- read_slm: Allows a user to perform all read-only SLM actions, such as getting policies and checking the SLM status.
- cluster:admin/snapshot/*: Allows a user to take and delete snapshots of any index, whether or not they have access to that index.
You can create and manage roles to assign these privileges through Kibana Management.
To grant the privileges necessary to create and manage SLM policies and snapshots, you can set up a role with the manage_slm and cluster:admin/snapshot/* cluster privileges and full access to the SLM history indices.
For example, the following request creates an slm-admin role:

    POST /_security/role/slm-admin
    {
      "cluster": ["manage_slm", "cluster:admin/snapshot/*"],
      "indices": [
        {
          "names": [".slm-history-*"],
          "privileges": ["all"]
        }
      ]
    }

To grant read-only access to SLM policies and the snapshot history, you can set up a role with the read_slm cluster privilege and read access to the snapshot lifecycle management history indices.
For example, the following request creates an slm-read-only role:

    POST /_security/role/slm-read-only
    {
      "cluster": ["read_slm"],
      "indices": [
        {
          "names": [".slm-history-*"],
          "privileges": ["read"]
        }
      ]
    }
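
Because cluster:admin/snapshot/* applies to any index regardless of index privileges, it is worth reviewing which roles carry it. The following is an added example, not part of the Elastic documentation: a Python audit over role definitions in the shape returned by GET /_security/role. The sample roles are constructed (app-logs-reader and backup-operator are hypothetical), and only the `all` privilege and literal action patterns are expanded; other named cluster privileges are not.

```python
import json
from fnmatch import fnmatchcase

# Action names covered by the page's cluster:admin/snapshot/* pattern (take, delete).
SNAPSHOT_ACTIONS = ("cluster:admin/snapshot/create",
                    "cluster:admin/snapshot/delete")

# Constructed sample in the shape returned by GET /_security/role.
# slm-admin and slm-read-only mirror the page; the other two are hypothetical.
SAMPLE_ROLES = json.loads("""
{
  "slm-admin": {"cluster": ["manage_slm", "cluster:admin/snapshot/*"],
                "indices": [{"names": [".slm-history-*"], "privileges": ["all"]}]},
  "slm-read-only": {"cluster": ["read_slm"],
                    "indices": [{"names": [".slm-history-*"], "privileges": ["read"]}]},
  "app-logs-reader": {"cluster": ["read_slm", "cluster:admin/*"],
                      "indices": [{"names": ["app-logs-*"], "privileges": ["read"]}]},
  "backup-operator": {"cluster": ["cluster:admin/snapshot/create"], "indices": []}
}
""")

def snapshot_actions_granted(cluster_privs):
    """Return the snapshot actions that a role's cluster privileges cover."""
    granted = set()
    for priv in cluster_privs:
        if priv == "all":  # built-in privilege covering every cluster action
            granted.update(SNAPSHOT_ACTIONS)
        else:  # treat anything else as an action pattern with * wildcards
            granted.update(a for a in SNAPSHOT_ACTIONS if fnmatchcase(a, priv))
    return granted

def audit_roles(roles):
    """Summarise SLM access and snapshot reach for each role."""
    report = {}
    for name, body in roles.items():
        cluster = body.get("cluster", [])
        snap = sorted(snapshot_actions_granted(cluster))
        names = {n for e in body.get("indices", []) for n in e.get("names", [])}
        slm = ("manage" if {"manage_slm", "all"} & set(cluster)
               else "read" if "read_slm" in cluster else None)
        # Snapshot rights ignore index privileges, so flag roles that can
        # snapshot while their own index access is narrower than "*".
        report[name] = {"slm": slm, "snapshot_actions": snap,
                        "beyond_index_scope": bool(snap) and "*" not in names}
    return report

if __name__ == "__main__":
    for role, finding in audit_roles(SAMPLE_ROLES).items():
        print(role, finding)
```

In the sample, app-logs-reader looks read-only by its named privileges, but the broad cluster:admin/* pattern also covers the snapshot actions, so the audit flags it alongside slm-admin.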