Default action groups
This page catalogs all default action groups. Often, the most coherent way to create new action groups is to use a combination of these default groups and individual permissions.
General
| Action group | Description | Permissions |
|---|
| unlimited | Grants complete access to action groups. Can be used on an cluster- or index- level. Equates to “”. | |
Cluster-level
| Action group | Description | Permissions |
|---|
| cluster_all | Grants all cluster permissions. Equates to cluster:. | cluster: |
| cluster_monitor | Grants all cluster monitoring permissions. Equates to cluster:monitor/. | cluster:monitor/ |
| cluster_composite_ops_ro | Grants read-only permissions to execute requests like mget, msearch, or mtv, as well as permissions to query for aliases. | indices:data/read/mget indices:data/read/msearch indices:data/read/mtv indices:admin/aliases/exists indices:admin/aliases/get indices:data/read/scroll indices:admin/resolve/index |
| cluster_composite_ops | Same as CLUSTER_COMPOSITE_OPS_RO, but also grants bulk permissions and all aliases permissions. | indices:data/write/bulk indices:admin/aliases indices:data/write/reindex indices:data/read/mget indices:data/read/msearch indices:data/read/mtv indices:admin/aliases/exists indices:admin/aliases/get indices:data/read/scroll indices:admin/resolve/index |
| manage_snapshots | Grants permissions to manage snapshots and repositories. | cluster:admin/snapshot/ cluster:admin/repository/ |
| cluster_manage_pipelines | Grants permissions to manage ingest pipelines. | cluster:admin/ingest/pipeline/ |
| cluster_manage_index_templates | Grants permissions to manage index templates. | indices:admin/template/ indices:admin/index_template/ cluster:admin/component_template/* |
Index-level
| Action group | Description | Permissions |
|---|
| indices_all | Grants all permissions on the index. Equates to indices:. | indices: |
| get | Grants permissions to use get and mget actions. | indices:data/read/get indices:data/read/mget |
| read | Grants read permissions on the index such as search, get field mappings, get, and mget. | indices:data/read indices:admin/mappings/fields/get indices:admin/resolve/index |
| write | Grants permissions to create and update documents within existing indexes. | indices:data/write indices:admin/mapping/put |
| delete | Grants permissions to delete documents. | indices:data/write/delete |
| crud | Combines the read, write, and delete action groups. Included in the data_access action group. | indices:data/read indices:admin/mappings/fields/get indices:admin/resolve/index indices:data/write indices:admin/mapping/put |
| search | Grants permissions to search documents, including the Suggest API. | indices:data/read/search indices:data/read/msearch indices:admin/resolve/index indices:data/read/suggest |
| suggest | Grants permissions to use the Suggest API. Included in the read action group. | indices:data/read/suggest |
| create_index | Grants permissions to create indexes and mappings. | indices:admin/create indices:admin/mapping/put |
| indices_monitor | Grants permissions to run all index monitoring actions, such as recovery, segments_info, index_stats, and status). | indices:monitor/ |
| index | A more limited version of the write action group. | indices:data/write/index indices:data/write/update indices:admin/mapping/put indices:data/write/bulk |
| data_access | Combines the CRUD action group with indices:data/. | indices:data/ indices:data/read indices:admin/mappings/fields/get indices:admin/resolve/index indices:data/write indices:admin/mapping/put |
| manage_aliases | Grants permissions to manage aliases. | indices:admin/aliases |
| manage | Grants all monitoring and administration permissions for indexes. | indices:monitor/ indices:admin/* |
我的书签
添加书签
移除书签
