Example of configuring Elastic Stack Security
This example implements the generic concepts presented in Configuring security for Siren Federate using Elastic Stack Security.
Before you begin, see the Elastic Stack Security documentation and the introduction on Configuring security for Siren Federate.
Configuring roles
Elastic Stack Security uses roles to define permissions, or Elastic Stack Security privileges, on actions for the cluster and indices.
The users are assigned to one or more roles. See the Elastic Stack Security documentation on how to assign users to roles.
The System role
The following is an example of a System role that can manage internal Siren Federate indices.
To configure an Elastic Stack Security system role for your Siren Federate instance, apply the following role settings:
{
  "federate_system": {
    "cluster": [
      "cluster:internal/federate/*",
      "cluster:admin/federate/*",
      "cluster:monitor/*"
    ],
    "indices": [
      {
        "names": [
          "/\\.siren.*/"
        ],
        "privileges": [
          "all"
        ]
      },
      {
        "names": [
          "*"
        ],
        "privileges": [
          "indices:monitor/*",
          "indices:admin/*",
          "indices:data/read*",
          "indices:data/write*"
        ]
      }
    ]
  }
}
The Admin role
This is an example of an Admin role that can manage the license, datasources, virtual indices, and the ingestion jobs.
{
  "federate_admin": {
    "cluster": [
      "cluster:internal/federate/*",
      "cluster:admin/federate/*",
      "cluster:monitor/*",
      "cluster:admin/xpack/security/*"
    ],
    "indices": [
      {
        "names": [
          "*"
        ],
        "privileges": [
          "indices:monitor/*",
          "indices:admin/*",
          "indices:data/read*"
        ]
      }
    ]
  }
}
The User role
This is an example of a User role that has read-only access to indices that are prefixed with logstash-.
{
  "federate_user": {
    "cluster": [
      "cluster:internal/federate/*"
    ],
    "indices": [
      {
        "names": [
          "logstash-*"
        ],
        "privileges": [
          "indices:data/read*",
          "indices:admin/aliases/get",
          "indices:admin/aliases/exists",
          "indices:admin/get",
          "indices:admin/exists",
          "indices:admin/mappings/fields/get*",
          "indices:admin/mappings/get*",
          "indices:admin/mappings/federate/connector/get*",
          "indices:admin/mappings/federate/connector/fields/get*",
          "indices:admin/types/exists",
          "indices:admin/validate/query",
          "indices:monitor/settings/get",
          "indices:admin/template/get"
        ]
      }
    ]
  }
}
The following is an example of a User role called connector_user with read-only access to the index called db_mysql.
{
  "connector_user": {
    "cluster": [
      "cluster:internal/federate/*"
    ],
    "indices": [
      {
        "names": [
          "db_mysql"
        ],
        "privileges": [
          "indices:data/read*",
          "indices:admin/aliases/get",
          "indices:admin/aliases/exists",
          "indices:admin/get",
          "indices:admin/exists",
          "indices:admin/mappings/fields/get*",
          "indices:admin/mappings/get*",
          "indices:admin/mappings/federate/connector/get*",
          "indices:admin/mappings/federate/connector/fields/get*",
          "indices:admin/types/exists",
          "indices:admin/validate/query",
          "indices:monitor/settings/get",
          "indices:admin/template/get"
        ]
      }
    ]
  }
}
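To check what a role definition in this format permits before applying it, the following added example (not part of the Siren or Elastic documentation) evaluates an index name and action name against the federate_system and federate_user grants shown above. It assumes that only the "all" named privilege and action-name patterns are used and that /.../ names can be read as Python regular expressions (Elasticsearch uses Lucene syntax); the helper names and the probe index are hypothetical.

```python
import re

# Two roles from this page, trimmed to the privileges exercised below.
ROLES = {
    "federate_system": {"indices": [
        {"names": ["/\\.siren.*/"], "privileges": ["all"]},
        {"names": ["*"], "privileges": ["indices:monitor/*", "indices:admin/*",
                                        "indices:data/read*", "indices:data/write*"]},
    ]},
    "federate_user": {"indices": [
        {"names": ["logstash-*"], "privileges": ["indices:data/read*", "indices:admin/get",
                                                 "indices:admin/mappings/get*"]},
    ]},
}


def wildcard(pattern, value):
    """Match value against a pattern in which '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def name_matches(pattern, index):
    """Index name patterns: /.../ is a regular expression, anything else a wildcard."""
    if len(pattern) > 1 and pattern.startswith("/") and pattern.endswith("/"):
        # Assumption: the pattern is simple enough that Python's re agrees with Lucene.
        return re.fullmatch(pattern[1:-1], index) is not None
    return wildcard(pattern, index)


def privilege_matches(privilege, action):
    """'all' covers every index action; other entries here are action-name patterns."""
    return privilege == "all" or wildcard(privilege, action)


def allows(role, index, action):
    """True if any grant in the role matches both the index name and the action."""
    return any(
        any(name_matches(n, index) for n in grant["names"])
        and any(privilege_matches(p, action) for p in grant["privileges"])
        for grant in role.get("indices", [])
    )


def can_write_anywhere(roles, probe_index="constructed-index"):
    """Names of roles that can index documents into an arbitrary (constructed) index."""
    return sorted(n for n, r in roles.items() if allows(r, probe_index, "indices:data/write/index"))
```

Run against these definitions, can_write_anywhere(ROLES) lists only federate_system, which reflects the write privileges that role holds on the "*" pattern.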