After you configure the Security plugin to use your own certificates and preferred authentication backend, you can start adding users, creating roles, and mapping roles to users.
This section of the documentation covers what a user is allowed to see and do after successfully authenticating.
|Permission||An individual action, such as creating an index (e.g. |
|Action group||A set of permissions. For example, the predefined |
|Role||Security roles define the scope of a permission or action group: cluster, index, document, or field. For example, a role named |
|Backend role||(Optional) Additional, external roles that come from an authorization backend (e.g. LDAP/Active Directory).|
|User||Users make requests to Elasticsearch clusters. A user has credentials (e.g. a username and password), zero or more backend roles, and zero or more custom attributes.|
|Role mapping||Users assume roles after they successfully authenticate. Role mappings, well, map roles to users (or backend roles). For example, a mapping of |
The Security plugin comes with a number of predefined action groups, roles, mappings, and users. These entities serve as sensible defaults and are good examples of how to use the plugin.