Permissions

Each permission in Circonus controls access to some action that a user can perform, such as indexing a document. Most permissions are self-describing. Circonus controls access to the underlying platform actions.

For example, consider the following _bulk request:

POST _bulk
{ "delete": { "_index": "test-index", "_id": "tt2229499" } }
{ "index": { "_index": "test-index", "_id": "tt1979320" } }
{ "title": "Rush", "year": 2013 }
{ "create": { "_index": "test-index", "_id": "tt1392214" } }
{ "title": "Prisoners", "year": 2013 }
{ "update": { "_index": "test-index", "_id": "tt0816711" } }
{ "doc" : { "title": "World War Z" } }

For this request to succeed, you must have the following permissions for test-index:

  • indices:data/write/bulk*
  • indices:data/write/delete
  • indices:data/write/index
  • indices:data/write/update

These permissions also allow you to add, update, or delete documents (e.g. PUT test-index/_doc/tt0816711) because they govern the underlying Circonus actions of indexing and deleting documents rather than a specific API path and HTTP method.

Test Permissions

If you want a user to have the absolute minimum set of permissions necessary to perform some function—the principle of least privilege—-the best way is to send representative requests to your cluster as a new test user. In the case of a permissions error, the security plugin is very explicit about which permissions are missing. Consider this request and response:

GET _cat/shards?v

{
  "error": {
    "root_cause": [{
      "type": "security_exception",
      "reason": "no permissions for [indices:monitor/stats] and User [name=test-user, backend_roles=[], requestedTenant=null]"
    }]
  },
  "status": 403
}

Create a user and a role, map the role to the user, and start sending signed requests using curl, Postman, or any other client. Then gradually add permissions to the role as you encounter errors. Even after you resolve one permissions error, the same request might generate new errors; the plugin only returns the first error it encounters, so keep trying until the request succeeds.

Rather than individual permissions, you can often achieve your desired security posture using a combination of the default action groups. See Default Action Groups for descriptions of the permissions that each group grants.

Index Permissions

These permissions apply to an index or index pattern. You might want a user to have read access to all indices (i.e. *) but write access to only a few (e.g. web-logs and product-catalog).

  • indices:admin/aliases
  • indices:admin/aliases/exists
  • indices:admin/aliases/get
  • indices:admin/analyze
  • indices:admin/cache/clear
  • indices:admin/close
  • indices:admin/close*
  • indices:admin/create (create indices)
  • indices:admin/data_stream/create
  • indices:admin/data_stream/delete
  • indices:admin/data_stream/get
  • indices:admin/delete (delete indices)
  • indices:admin/exists
  • indices:admin/flush
  • indices:admin/flush*
  • indices:admin/forcemerge
  • indices:admin/get (retrieve index and mapping)
  • indices:admin/index_template/delete
  • indices:admin/index_template/get
  • indices:admin/index_template/put
  • indices:admin/index_template/simulate
  • indices:admin/index_template/simulate_index
  • indices:admin/mapping/put
  • indices:admin/mappings/fields/get
  • indices:admin/mappings/fields/get*
  • indices:admin/mappings/get
  • indices:admin/open
  • indices:admin/plugins/replication/index/setup/validate
  • indices:admin/plugins/replication/index/start
  • indices:admin/plugins/replication/index/pause
  • indices:admin/plugins/replication/index/resume
  • indices:admin/plugins/replication/index/stop
  • indices:admin/plugins/replication/index/update
  • indices:admin/plugins/replication/index/status_check
  • indices:admin/refresh
  • indices:admin/refresh*
  • indices:admin/resolve/index
  • indices:admin/rollover
  • indices:admin/seq_no/global_checkpoint_sync
  • indices:admin/settings/update
  • indices:admin/shards/search_shards
  • indices:admin/shrink
  • indices:admin/synced_flush
  • indices:admin/template/delete
  • indices:admin/template/get
  • indices:admin/template/put
  • indices:admin/types/exists
  • indices:admin/upgrade
  • indices:admin/validate/query
  • indices:data/read/explain
  • indices:data/read/field_caps
  • indices:data/read/field_caps*
  • indices:data/read/get
  • indices:data/read/mget
  • indices:data/read/mget*
  • indices:data/read/msearch
  • indices:data/read/msearch/template
  • indices:data/read/mtv (multi-term vectors)
  • indices:data/read/mtv*
  • indices:data/read/plugins/replication/file_chunk
  • indices:data/read/plugins/replication/changes
  • indices:data/read/scroll
  • indices:data/read/scroll/clear
  • indices:data/read/search
  • indices:data/read/search*
  • indices:data/read/search/template
  • indices:data/read/tv (term vectors)
  • indices:data/write/bulk
  • indices:data/write/bulk*
  • indices:data/write/delete (delete documents)
  • indices:data/write/delete/byquery
  • indices:data/write/plugins/replication/changes
  • indices:data/write/index (add documents to existing indices)
  • indices:data/write/reindex
  • indices:data/write/update
  • indices:data/write/update/byquery
  • indices:monitor/data_stream/stats
  • indices:monitor/recovery
  • indices:monitor/segments
  • indices:monitor/settings/get
  • indices:monitor/shard_stores
  • indices:monitor/stats
  • indices:monitor/upgrade

Next: Default Action Groups