Version: 6.x-23
Community

Demo users and roles

Search Guard ships with a demo configuration that contains users and roles for a variety of use cases. You can use these users and roles as a blueprint for your own permission schema.

Demo users

Search Guard ships with the following demo users:

Username Password Description
admin admin Full access to the cluster and all indices, but no access to the Search Guard configuration. Use an admin certificate for that.
kibanaserver kibanaserver Internal Kibana server user, for configuring elasticsearch.username and elasticsearch.password in kibana.yml. Has all permissions on the .kibana index.
kibanaro kibanaro Regular Kibana user, has READ access to all indices and all permissions on the .kibana index.
logstash logstash Logstash and Beats user, has CRUD and CREATE_INDEX permissions on all logstash and beats indices
readall readall Has read access to all indices
snapshotrestore snapshotrestore Has permissions to perform snapshot and restore operations

Demo roles

Search Guard ships with the following demo roles:

Role name Description
sg_all_access All cluster permissions and all index permissions on all indices
sg_readall Read permissions on all indices, but no write permissions
sg_readonly_and_monitor Read and monitor permissions on all indices, but no write permissions
sg_kibana_server Role for the internal Kibana server user, please refer to the Kibana setup chapter for explanation
sg_kibana_user Minimum permission set for regular Kibana users. In addition to this role, you need to also grant READ permissions on indices the user should be able to access in Kibana.
sg_logstash Role for logstash and beats users, grants full access to all logstash and beats indices.
sg_manage_snapshots Grants full permissions on snapshot, restore and repositories operations
sg_own_index Grants full permissions on an index named after the authenticated user’s username.
sg_xp_monitoring Role for X-Pack Monitoring. Users who wish to use X-Pack Monitoring need this role in addition to the sg_kibana_user role
sg_xp_alerting Role for X-Pack Alerting. Users who wish to use X-Pack Alerting need this role in addition to the sg_kibana role
sg_xp_machine_learning Role for X-Pack Machine Learning. Users who wish to use X-Pack Machine Learning need this role in addition to the sg_kibana role

Note: By default, all users are mapped to the roles sg_public and sg_own_index. You can remove this mapping by deleting the following lines from sg_roles_mapping.yml:

sg_public:
  users:
    - '*'

sg_own_index:
  users:
    - '*'