Cross Cluster Search Support
Search Guard supports Cross Cluster Search out of the box, so there is nothing special to configure to make it work. Cross Cluster Search will replace Tribe nodes which are deprecated in Elasticsearch 6.x.
When accessing a
remote cluster from a
coordinating cluster via Cross Cluster Search:
- Search Guard authenticates the user on the coordinating cluster
- Search Guard fetches the users backend roles on the coordinating cluster
- The call including the authenticated user is forwarded to the remote cluster
- The user’s permissions are evaluated on the remote cluster
While it is possible to have different configurations regarding authentication and authorization on the remote and coordinating cluster, it is highly recommended to use the same settings on both.
To query indices on remote clusters, the user needs to have the following permissions for this index, in addition to the READ or SEARCH permissions:
sg_ humanresources: cluster_permissions: - SGS_CLUSTER_COMPOSITE_OPS - "indices:data/write/bulk" index_permissions: - index_patterns: - 'humanresources' allowed_actions: - SGS_READ - indices:admin/shards/search_shards # needed for CCS