Version: SG FLX
Community

Cross Cluster Search Support

Search Guard supports Cross Cluster Search out of the box, so there is nothing special to configure to make it work. Cross Cluster Search will replace Tribe nodes, which are deprecated in Elasticsearch 6.x.

Authentication Flow

When accessing a remote cluster from a coordinating cluster via Cross Cluster Search:

  • Search Guard authenticates the user on the coordinating cluster
  • Search Guard fetches the user’s backend roles on the coordinating cluster
  • The call including the authenticated user is forwarded to the remote cluster
  • The user’s permissions are evaluated on the remote cluster

While it is possible to have different configurations regarding authentication and authorization on the remote and coordinating cluster, it is highly recommended to use the same settings on both.

Permissions

To query indices on remote clusters, the user needs the following permission on the queried index, in addition to the READ or SEARCH permissions:

indices:admin/shards/search_shards

Example:

sg_humanresources:
  cluster_permissions:
    - SGS_CLUSTER_COMPOSITE_OPS
    - "indices:data/write/bulk"
  index_permissions:
    - index_patterns:
      - 'humanresources'
      allowed_actions:
        - SGS_READ
        - indices:admin/shards/search_shards # needed for CCS        
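Because permissions are evaluated on the remote cluster, a role that carries the CCS action only on the coordinating cluster will still be denied there. The following check is an added example, not Search Guard code: it flags roles that grant read access without `indices:admin/shards/search_shards` and lists roles that differ between the two clusters. It assumes the role definitions have already been loaded into dictionaries, treats `SGS_SEARCH` as an assumed action group name, and does not expand action groups.

```python
from fnmatch import fnmatchcase

CCS_ACTION = "indices:admin/shards/search_shards"
SEARCH_ACTION = "indices:data/read/search"
# SGS_READ appears on this page; SGS_SEARCH is an assumed group name.
READ_GROUPS = {"SGS_READ", "SGS_SEARCH"}


def grants(allowed_actions, action):
    """True if a literal or wildcard entry in allowed_actions matches action."""
    return any(fnmatchcase(action, pattern) for pattern in allowed_actions)


def roles_missing_ccs(roles):
    """Map role name -> index patterns that grant read access without CCS_ACTION."""
    findings = {}
    for name, role in roles.items():
        for entry in role.get("index_permissions", []):
            actions = entry.get("allowed_actions", [])
            can_read = bool(READ_GROUPS & set(actions)) or grants(actions, SEARCH_ACTION)
            if can_read and not grants(actions, CCS_ACTION):
                findings.setdefault(name, []).extend(entry.get("index_patterns", []))
    return findings


def config_drift(coordinating, remote):
    """Role names defined differently on the two clusters, or on one only."""
    names = coordinating.keys() | remote.keys()
    return sorted(n for n in names if coordinating.get(n) != remote.get(n))


# Constructed sample data: role definitions as loaded from each cluster's configuration.
COORDINATING = {
    "sg_humanresources": {
        "cluster_permissions": ["SGS_CLUSTER_COMPOSITE_OPS"],
        "index_permissions": [{
            "index_patterns": ["humanresources"],
            "allowed_actions": ["SGS_READ", CCS_ACTION],
        }],
    },
}
REMOTE = {
    "sg_humanresources": {
        "cluster_permissions": ["SGS_CLUSTER_COMPOSITE_OPS"],
        "index_permissions": [{
            "index_patterns": ["humanresources"],
            "allowed_actions": ["SGS_READ"],  # CCS action missing on the remote
        }],
    },
}
```

A wildcard entry such as `indices:admin/*` counts as granting the CCS action; a role that relies on a broader action group for it will be reported and needs a manual look.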

