Version: 7.x-48.0.0
Community
Anonymous authentication
Search Guard supports anonymous authentication. Usually, if no user credentials are provided, Search Guard will decline the request with a security exception. However, if you enable anonymous authentication, unauthenticated requests get assigned to a default user and backend role automatically.
For example, you can grant unauthenticated users read-only access to certain indices, while requiring authentication for all other requests.
Enabling anonymous authentication
To use anonymous authentication, enable it in sg_config.yml like:
_sg_meta:
type: "config"
config_version: 2
sg_config:
dynamic:
...
http:
anonymous_auth_enabled: true
Name | Description |
---|---|
anonymous_auth_enabled | Whether to enable anonymous authentication. Boolean. Default: false |
User and role mapping
Anonymous users always have the username sg_anonymous
and one backen role named sg_anonymous_backendrole
.
You can use the role mapping to assign one or more Search Guard role to this user:
sg_roles_mapping.yml:
sg_anonymous:
backend_roles:
- sg_anonymous_backendrole
sg_roles.yml:
sg_anonymous:
cluster:
- CLUSTER_COMPOSITE_OPS_RO
indices:
'public':
'*':
- READ