Version: 7.x-41.0.0
This is an older version of Search Guard. Switch to Latest version
This is an older version of Search Guard. Switch to Latest version
Community
Anonymous authentication
Search Guard supports anonymous authentication. Usually, if no user credentials are provided, Search Guard will decline the request with a security exception. However, if you enable anonymous authentication, unauthenticated requests get assigned to a default user and backend role automatically.
For example, you can grant unauthenticated users read-only access to certain indices, while requiring authentication for all other requests.
Enabling anonymous authentication
To use anonymous authentication, enable it in sg_config.yml like:
_sg_meta:
type: "config"
config_version: 2
sg_config:
dynamic:
...
http:
anonymous_auth_enabled: true
Name | Description |
---|---|
anonymous_auth_enabled | Whether to enable anonymous authentication. Boolean. Default: false |
User and role mapping
Anonymous users always have the username sg_anonymous
and one backen role named sg_anonymous_backendrole
.
You can use the role mapping to assign one or more Search Guard role to this user:
sg_roles_mapping.yml:
sg_anonymous:
backend_roles:
- sg_anonymous_backendrole
sg_roles.yml:
sg_anonymous:
cluster:
- CLUSTER_COMPOSITE_OPS_RO
indices:
'public':
'*':
- READ