Version: SG FLX
Enterprise

This is a Technical Preview and should not yet be used in production.

Search Guard Anomaly Detection security

You can use the Search Guard Security plugin with anomaly detection in Elasticsearch to limit non-admin users to specific actions. For example, you might want some users to be able only to create, update, or delete detectors, while others can only view detectors.

All anomaly detection indexes are protected as system indexes. Only a super admin user, or an admin user authenticating with an admin TLS certificate, can access system indexes.

Basic permissions

As an admin user, you can use the Security plugin to assign specific permissions to users based on which APIs they need access to. For a list of supported APIs, see Anomaly detection API.

A user who creates and manages detectors may need the following permissions:

  • "cluster:admin/searchguard/ad/detector/search"
  • "cluster:admin/searchguard/ad/detector/info"
  • "indices:monitor/settings/get"
  • "indices:monitor/stats"
  • "cluster:monitor/state"
  • "indices:admin/mappings/get"
  • "cluster:admin/searchguard/ad/detector/preview"
  • "cluster:admin/searchguard/ad/detector/validate"
  • "cluster:admin/searchguard/ad/detector/write"
  • "cluster:admin/searchguard/ad/detectors/get"
  • "cluster:admin/searchguard/ad/tasks/search"
  • "cluster:admin/searchguard/ad/result/search"
  • "cluster:admin/searchguard/ad/detector/delete"
  • "cluster:admin/searchguard/ad/detector/jobmanagement"
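The following role definitions show one way to split the permissions above between a "manager" role that can create, update, delete and run detectors and a "viewer" role that can only read detectors and their results. This is an added example, not configuration shipped with Search Guard or taken from its documentation: the role names, the backend role names, the user names and the "logs-*" index pattern are assumptions, and the sg_roles.yml / sg_roles_mapping.yml layout (cluster_permissions, index_permissions with index_patterns and allowed_actions, backend_roles and users in the mapping) is the standard Search Guard roles format. Actions that begin with "cluster:" belong in cluster_permissions; actions that begin with "indices:" are index-level and are granted here on the data indexes the detectors read.

```yaml
# sg_roles.yml (added example; role names and index pattern are assumptions)
_sg_meta:
  type: "roles"
  config_version: 2

# Full lifecycle: create, validate, preview, update, delete, start/stop.
sg_ad_detector_manager:
  cluster_permissions:
    - "cluster:admin/searchguard/ad/detector/search"
    - "cluster:admin/searchguard/ad/detector/info"
    - "cluster:admin/searchguard/ad/detector/preview"
    - "cluster:admin/searchguard/ad/detector/validate"
    - "cluster:admin/searchguard/ad/detector/write"
    - "cluster:admin/searchguard/ad/detectors/get"
    - "cluster:admin/searchguard/ad/tasks/search"
    - "cluster:admin/searchguard/ad/result/search"
    - "cluster:admin/searchguard/ad/detector/delete"
    - "cluster:admin/searchguard/ad/detector/jobmanagement"
    - "cluster:monitor/state"
  index_permissions:
    - index_patterns:
        # Assumed pattern for the source indexes the detectors analyse.
        - "logs-*"
      allowed_actions:
        - "indices:admin/mappings/get"
        - "indices:monitor/settings/get"
        - "indices:monitor/stats"
        # Assumption: previewing/running a detector reads the source index.
        - "indices:data/read/search"

# Read-only: list and inspect detectors, their tasks and their results.
# No write, delete, preview, validate or job management actions.
sg_ad_detector_viewer:
  cluster_permissions:
    - "cluster:admin/searchguard/ad/detector/search"
    - "cluster:admin/searchguard/ad/detector/info"
    - "cluster:admin/searchguard/ad/detectors/get"
    - "cluster:admin/searchguard/ad/tasks/search"
    - "cluster:admin/searchguard/ad/result/search"
    - "cluster:monitor/state"
  index_permissions:
    - index_patterns:
        - "logs-*"
      allowed_actions:
        - "indices:admin/mappings/get"
        - "indices:monitor/settings/get"
        - "indices:monitor/stats"

---
# sg_roles_mapping.yml (added example; backend roles and users are assumptions)
_sg_meta:
  type: "rolesmapping"
  config_version: 2

sg_ad_detector_manager:
  backend_roles:
    - "ad_admins"          # e.g. a group from LDAP/JWT claims
  users:
    - "alice"

sg_ad_detector_viewer:
  backend_roles:
    - "ad_readers"
  users:
    - "bob"
```

Keep the viewer role deliberately narrower than the manager role: a user mapped only to sg_ad_detector_viewer can search, read and inspect detectors and results but cannot create, change, delete, preview or start/stop them. Neither role grants access to the anomaly detection system indexes themselves; those stay reachable only to a super admin or an admin TLS certificate, as described above. Load both files with the Search Guard configuration tool you use for the rest of your security configuration.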
