Version: 7.x-36.0.0

This is a technical preview. Technical preview features are not fully supported, may not be functionally complete, and are not suitable for deployment in production. We encourage you to try them out and provide your feedback, good and bad, on the Search Guard forum. This will help us improve and add any features you might be missing.

Security execution context

Signals is fully integrated with all Search Guard security features.

In particular this means that each watch is executed in a security context that controls to what data on Elasticsearch the watch has access to:

  • The security context is stored as part of the watch definition
  • It is encrypted, and can be changed only by the Signals application
  • It is not accessible via the REST API.

Each watch is executed with the Search Guard permissions the user that created the watch had at the time of watch creation.

The security context is not bound to a Search Guard user or a Search Guard role. This makes sure that even if the user who created watches is deleted, the created watches will continue to work.

The permissions that are stored in the security context of the watch include access permissions to indices, and also all advanced settings like Document- and Fiel-level security or Field anonymization.

If a user edits a watch has had been created before by a different user, the security context will be replaced with the permissions of the current user.


Not what you were looking for? Try the search.