Siren Platform User Guide

Security standardization

The purpose of security standardization is to provide a standard security configuration for all possible backends, with full support for Investigate 10.3.0.

This entails standardizing both action groups and role mappings.

Procedure

To standardize your security according to new action groups:

  • Download the applicable security bundle below.

  • Add to the bundle any client-specific roles or action groups of your own, updated according to the action group and action name changes listed below.

  • Put the modified configuration files in the ./elasticsearch/config/sgconfig/ folder and upload the configuration to the cluster.

  • Ensure that you explicitly specify your ACL admin_role and Sentinl user_role in investigate.yml, as the defaults may have changed.

Standard sgconfig bundles

The following sgconfig bundles are available:

Action Group changes

Removed              Can be (loosely) replaced by
ALL                  INDICES_ALL
CREATE_INDEX         WRITE, MANAGE
MANAGE_ALIASES       VIEW_INDEX_METADATA
MONITOR              MANAGE
INDICES_MONITOR      VIEW_INDEX_METADATA
DATA_ACCESS          WRITE, READ, VIEW_INDEX_METADATA
DELETE               WRITE
CRUD                 READ, WRITE
SEARCH               READ
SUGGEST              READ
INDEX                WRITE
GET                  READ
SIREN_READONLY       READ, VIEW_INDEX_METADATA
SIREN_READWRITE      READ, WRITE, VIEW_INDEX_METADATA
SIREN_CLUSTER        CLUSTER_MANAGE, CLUSTER_MONITOR, CLUSTER_COMPOSITE_OPS_RO

Elasticsearch Action Name Changes

ES 6.3.x onwards:

Index-level actions:

  • indices:data/write/bulk -> indices:data/write/bulk[s], or you may just use indices:data/write/bulk*.

  • indices:data/read/coordinate-msearch* deprecated (not used by Siren).

Federate Action Name Changes

Federate 10.2.0 onwards:

Index-level actions:

  • indices:siren/plan* -> indices:data/read/federate/planner/search*

  • indices:siren/mplan* -> indices:data/read/federate/planner/msearch*

  • indices:data/siren/connector/mappings/get* -> indices:admin/mappings/federate/connector/get*

  • indices:data/siren/connector/mappings/fields/get* -> indices:admin/mappings/federate/connector/fields/get*

Cluster-level actions:

  • indices:siren/plan* -> indices:data/read/federate/planner/search*

  • indices:siren/mplan* -> indices:data/read/federate/planner/msearch*

  • cluster:siren/internal* -> cluster:internal/federate/*

  • cluster:admin/plugin/siren/license/get -> cluster:admin/federate/license/get, or you may just use cluster:admin/federate/*

  • indices:data/siren/connector/* -> indices:data/read/federate/*, indices:admin/federate/* and cluster:admin/federate/*
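The following script is an added example (not part of the Siren bundle or the Siren code base) for the second step of the procedure above: it rewrites the permission list of a client-specific action group or role, replacing the removed action groups and the renamed action names exactly as the tables above list them, and flags any entry that still references the old siren namespaces so it can be reviewed by hand. The sample permission list in the `__main__` block is constructed for illustration.

```python
from typing import Dict, List, Tuple

# Removed action groups and their (loose) replacements, taken from the table above.
GROUP_REPLACEMENTS: Dict[str, List[str]] = {
    "ALL": ["INDICES_ALL"],
    "CREATE_INDEX": ["WRITE", "MANAGE"],
    "MANAGE_ALIASES": ["VIEW_INDEX_METADATA"],
    "MONITOR": ["MANAGE"],
    "INDICES_MONITOR": ["VIEW_INDEX_METADATA"],
    "DATA_ACCESS": ["WRITE", "READ", "VIEW_INDEX_METADATA"],
    "DELETE": ["WRITE"],
    "CRUD": ["READ", "WRITE"],
    "SEARCH": ["READ"],
    "SUGGEST": ["READ"],
    "INDEX": ["WRITE"],
    "GET": ["READ"],
    "SIREN_READONLY": ["READ", "VIEW_INDEX_METADATA"],
    "SIREN_READWRITE": ["READ", "WRITE", "VIEW_INDEX_METADATA"],
    "SIREN_CLUSTER": ["CLUSTER_MANAGE", "CLUSTER_MONITOR", "CLUSTER_COMPOSITE_OPS_RO"],
}

# Old action-name patterns and their replacements, taken from the lists above.
ACTION_RENAMES: Dict[str, List[str]] = {
    "indices:data/write/bulk": ["indices:data/write/bulk*"],
    "indices:siren/plan*": ["indices:data/read/federate/planner/search*"],
    "indices:siren/mplan*": ["indices:data/read/federate/planner/msearch*"],
    "indices:data/siren/connector/mappings/get*": ["indices:admin/mappings/federate/connector/get*"],
    "indices:data/siren/connector/mappings/fields/get*": ["indices:admin/mappings/federate/connector/fields/get*"],
    "cluster:siren/internal*": ["cluster:internal/federate/*"],
    "cluster:admin/plugin/siren/license/get": ["cluster:admin/federate/license/get"],
    "indices:data/siren/connector/*": ["indices:data/read/federate/*", "indices:admin/federate/*", "cluster:admin/federate/*"],
}


def migrate_permissions(perms: List[str]) -> Tuple[List[str], List[str]]:
    """Rewrite one permission list (an action group body or a role's permissions).

    Returns (migrated list, order preserved, duplicates dropped) and the entries that
    still reference the old siren namespaces, which the lists above do not cover and
    which therefore need manual review."""
    migrated: List[str] = []
    for perm in perms:
        replacement = GROUP_REPLACEMENTS.get(perm) or ACTION_RENAMES.get(perm) or [perm]
        for new in replacement:
            if new not in migrated:
                migrated.append(new)
    needs_review = [p for p in migrated if "siren" in p.lower()]
    return migrated, needs_review


if __name__ == "__main__":
    # Constructed sample: a custom group mixing removed groups and old action names.
    sample = ["SIREN_READONLY", "indices:siren/plan*", "indices:data/siren/connector/*", "READ"]
    print(migrate_permissions(sample))
```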