This is an older version of Search Guard. Switch to Latest version
Search Guard supports anonymous authentication. Usually, if no user credentials are provided, Search Guard will decline the request with a security exception. However, if you enable anonymous authentication, unauthenticated requests get assigned to a default user and backend role automatically.
For example, you can grant unauthenticated users read-only access to certain indices, while requiring authentication for all other requests.
Enabling anonymous authentication
To use anonymous authentication, enable it in sg_config.yml like:
searchguard: dynamic: ... http: anonymous_auth_enabled: true
|anonymous_auth_enabled||Whether to enable anonymous authentication. Boolean. Default: false|
User and role mapping
Anonymous users always have the username
sg_anonymous and one backen role named
You can use the role mapping to assign one or more Search Guard role to this user:
sg_anonymous: backendroles: - sg_anonymous_backendrole
sg_anonymous: cluster: - CLUSTER_COMPOSITE_OPS_RO indices: 'public': '*': - READ