原文地址: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/slm-and-security.html, 原文档版权归 www.elastic.co 所有
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Security and SLMedit
Two built-in cluster privileges control access to the SLM actions when Elasticsearch security features are enabled:
-
manage_slm
- Allows a user to perform all SLM actions, including creating and updating policies and starting and stopping SLM.
-
read_slm
- Allows a user to perform all read-only SLM actions, such as getting policies and checking the SLM status.
-
cluster:admin/snapshot/*
- Allows a user to take and delete snapshots of any index, whether or not they have access to that index.
You can create and manage roles to assign these privileges through Kibana Management.
To grant the privileges necessary to create and manage SLM policies and snapshots,
you can set up a role with the manage_slm
and cluster:admin/snapshot/*
cluster privileges
and full access to the SLM history indices.
For example, the following request creates an slm-admin
role:
POST /_security/role/slm-admin { "cluster": ["manage_slm", "cluster:admin/snapshot/*"], "indices": [ { "names": [".slm-history-*"], "privileges": ["all"] } ] }
To grant read-only access to SLM policies and the snapshot history,
you can set up a role with the read_slm
cluster privilege and read access
to the snapshot lifecycle management history indices.
For example, the following request creates a slm-read-only
role:
POST /_security/role/slm-read-only { "cluster": ["read_slm"], "indices": [ { "names": [".slm-history-*"], "privileges": ["read"] } ] }