Siren Platform User Guide

Security setup

See the the access control permissions (ACL) required by this data reflection plugin for Elasticsearch 6.5.4 :-

      
ingestion_role:
cluster:
  - 'cluster:admin/federate/connector/ingestion/search' // To fetch the list of ingestion configs
  - 'cluster:admin/federate/connector/ingestion/run' // To manually trigger an ingestion
  - 'cluster:admin/federate/connector/jobs/abort' // To abort a job
  - 'cluster:admin/federate/connector/ingestion/get' // To fetch an ingestion config.
  - 'cluster:admin/federate/connector/ingestion/put' // To create an ingestion config
  - 'cluster:admin/federate/connector/ingestion/delete' // To delete an ingestion config
  - 'cluster:admin/federate/connector/datasource/sample' // To sample a SQL query
  - 'cluster:admin/ingest/pipeline/simulate' // To test transform pipeline
  - 'cluster:admin/ingest/pipeline/put' // To put transform pipeline (Excel)
  - 'cluster:admin/ingest/pipeline/delete' // To delete a transform pipeline (Excel) (We need to clear temporary pipelines after import)
indices:
  'csv-*': //This can be limited to specific indices and such permissions would be regarded by Excel Import
    '*':
      - 'indices:admin/get' // To check if an index already exists, if received 403 then user cannot use excel import on that index
      - 'indices:admin/create' // Create an index (You may prevent it in case you want users to only append data to an existing index)
      - 'indices:admin/delete' // Delete an index (You may prevent it, in case you don't want users deleting stuff)
      - 'indices:admin/mapping/put' // Define mapping (You may prevent it in case you want users to only append to an existing index and modify mappings)
      - 'indices:data/write/index' // (To write docs)
      - 'indices:data/write/bulk[s]' // (To write docs)
      - READ                         # To see field capabilities on data model page
      - VIEW_INDEX_METADATA          # Needed to create index patterns
  '?siren-excel-configs':
      '*':
        - 'indices:data/read/search'   # List saved configs
        - 'indices:data/write/index'   # Create a saved config
        - 'indices:data/write/bulk[s]' # Create a saved config
        - 'indices:data/read/get'      # Use a saved config
        - 'indices:data/write/delete'  # Delete a saved config