Version: SG FLX
Community
This is a Technical Preview and should not yet be used in production.
Security Integration
Automated Index Management ships with predefined action groups that can easily be assigned to Search Guard roles.
AIM action groups
Action group name | Note |
---|---|
SGS_AIM_ALL | Grants access to all AIM APIs |
SGS_AIM_POLICY_READ | Grants read-only access to all AIM Policies |
SGS_AIM_POLICY_MANAGE | Grants permissions to create, delete and read AIM Policies |
SGS_AIM_POLICY_INSTANCE_READ | Grants access to read the current status of an index managed by AIM |
SGS_AIM_POLICY_INSTANCE_MANAGE | Grants access to manually execute, retry and read the current status of an index |
Applying AIM permission to Search Guard roles
Permissions for the AIM APIs are assigned to roles in the cluster_permissions
section of the role definition.
sg_aim_manager:
cluster_permissions:
- SGS_AIM_POLICY_INSTANCE_MANAGE
index_permissions:
...
tenant_permissions:
...