Security setup
See the the access control permissions (ACL) required by this data reflection plugin for Elasticsearch 6.5.4 :-
ingestion_role: cluster: - 'cluster:admin/federate/connector/ingestion/search' // To fetch the list of ingestion configs - 'cluster:admin/federate/connector/ingestion/run' // To manually trigger an ingestion - 'cluster:admin/federate/connector/jobs/abort' // To abort a job - 'cluster:admin/federate/connector/ingestion/get' // To fetch an ingestion config. - 'cluster:admin/federate/connector/ingestion/put' // To create an ingestion config - 'cluster:admin/federate/connector/ingestion/delete' // To delete an ingestion config - 'cluster:admin/federate/connector/datasource/sample' // To sample a SQL query - 'cluster:admin/ingest/pipeline/simulate' // To test transform pipeline - 'cluster:admin/ingest/pipeline/put' // To put transform pipeline (Excel) - 'cluster:admin/ingest/pipeline/delete' // To delete a transform pipeline (Excel) (We need to clear temporary pipelines after import) indices: 'csv-*': //This can be limited to specific indices and such permissions would be regarded by Excel Import '*': - 'indices:admin/get' // To check if an index already exists, if received 403 then user cannot use excel import on that index - 'indices:admin/create' // Create an index (You may prevent it in case you want users to only append data to an existing index) - 'indices:admin/delete' // Delete an index (You may prevent it, in case you don't want users deleting stuff) - 'indices:admin/mapping/put' // Define mapping (You may prevent it in case you want users to only append to an existing index and modify mappings) - 'indices:data/write/index' // (To write docs) - 'indices:data/write/bulk[s]' // (To write docs) - READ # To see field capabilities on data model page - VIEW_INDEX_METADATA # Needed to create index patterns '?siren-excel-configs': '*': - 'indices:data/read/search' # List saved configs - 'indices:data/write/index' # Create a saved config - 'indices:data/write/bulk[s]' # Create a saved config - 'indices:data/read/get' # Use a saved config - 'indices:data/write/delete' # Delete a saved config