Version: SG FLX
Cross Cluster Search Support
Search Guard supports Cross Cluster Search out of the box, so there is nothing special to configure to make it work. Cross Cluster Search will replace Tribe nodes, which are deprecated in Elasticsearch 6.x.
Authentication Flow
When accessing a remote cluster from a coordinating cluster via Cross Cluster Search:
- Search Guard authenticates the user on the coordinating cluster
- Search Guard fetches the user's backend roles on the coordinating cluster
- The call including the authenticated user is forwarded to the remote cluster
- The user’s permissions are evaluated on the remote cluster
While it is possible to have different authentication and authorization configurations on the remote and coordinating clusters, it is highly recommended to use the same settings on both.
Permissions
To query indices on remote clusters, the user needs the following permission on the index, in addition to the READ or SEARCH permissions:
indices:admin/shards/search_shards
Example:
sg_humanresources:
  cluster_permissions:
    - SGS_CLUSTER_COMPOSITE_OPS
    - "indices:data/write/bulk"
  index_permissions:
    - index_patterns:
        - 'humanresources'
      allowed_actions:
        - SGS_READ
        - indices:admin/shards/search_shards # needed for CCS
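
Because permissions are evaluated on the remote cluster, its role definitions are the ones to audit for the extra permission. The following check is an added example, not part of Search Guard or its documentation: it takes roles as a Python dict (the shape a YAML loader would return for the roles file) and reports index patterns that grant read access without `indices:admin/shards/search_shards`. The roles `sg_finance_reader` and `sg_logs_admin`, the function names and the `READ_GROUPS` set are assumptions made for illustration; action groups are only expanded if a mapping is passed in.

```python
from fnmatch import fnmatchcase

CCS_ACTION = "indices:admin/shards/search_shards"  # permission named on this page
SEARCH_ACTION = "indices:data/read/search"
# Assumption: action groups treated as granting read/search when not expanded.
READ_GROUPS = {"SGS_READ", "SGS_SEARCH"}

def expand(actions, groups):
    """Resolve action-group names to literal patterns; unknown names stay as-is."""
    out, seen, stack = set(), set(), list(actions)
    while stack:
        name = stack.pop()
        if name not in groups:
            out.add(name)
        elif name not in seen:
            seen.add(name)
            stack.extend(groups[name])
    return out

def missing_ccs_permission(roles, groups=None):
    """Return sorted (role, index_pattern) pairs that can read but lack CCS_ACTION."""
    findings = []
    for role, body in roles.items():
        for perm in body.get("index_permissions", []):
            granted = expand(perm.get("allowed_actions", []), groups or {})
            reads = bool(READ_GROUPS & granted) or any(
                fnmatchcase(SEARCH_ACTION, p) for p in granted)
            has_ccs = any(fnmatchcase(CCS_ACTION, p) for p in granted)
            if reads and not has_ccs:
                findings += [(role, ip) for ip in perm.get("index_patterns", [])]
    return sorted(findings)

# Constructed sample: the role from this page plus two hypothetical roles.
ROLES = {
    "sg_humanresources": {"index_permissions": [{
        "index_patterns": ["humanresources"],
        "allowed_actions": ["SGS_READ", CCS_ACTION]}]},
    "sg_finance_reader": {"index_permissions": [{
        "index_patterns": ["finance"],
        "allowed_actions": ["SGS_READ"]}]},
    "sg_logs_admin": {"index_permissions": [{
        "index_patterns": ["logs-*"],
        "allowed_actions": ["indices:*"]}]},
}

if __name__ == "__main__":
    for role, pattern in missing_ccs_permission(ROLES):
        print(f"{role}: '{pattern}' grants read access without {CCS_ACTION}")
```

A wildcard pattern such as `indices:*` already covers the action, so only `sg_finance_reader` is reported for the sample data.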