Version: 5.1

Role Model Settings

Getting Started with Roles

Navigate to Main Menu - Settings - Security - Rollup jobs, where all available roles will be displayed.

Security roles

To start the process of creating a role for users, click Create Role or click on an existing role to edit it.

Creating a Role

On the creation page, specify the name of the role in the corresponding field and add permissions for the cluster, indices, and scope.

Name

Specify a role name that describes its intended actions. The role name cannot be changed after creation.

Cluster Permissions

Permissions for the cluster can be set as a group of actions or as individual permissions. Action groups are a list of individual permissions. You can achieve the desired level of security by using some combination of the default permission groups.

Select the required group/permission from the list or create your own permission group by clicking Create New Permission Group.

Security cluster permissions

Index Permissions

Index permissions allow you to specify how users in this role can access certain indices. By default, no index permission is granted.

When creating a new role, a list of parameters for the first permission already exists in the index permissions section. You can add new permissions. To add a new index permission, click Add Index Permission:

Security index permissions

To enter data, you need to expand the Index Permission field group. After clicking, you will see the following fields to fill in:

idex — in this field, you must specify the name of the index or its pattern using wildcards (For example: test_index_* will match all indices whose name starts with test_index_)
index permissions — specifies the permission or group of permissions (see the Permissions section for more details)
document level security (optional) — allows you to restrict the role to a subset of documents.

For example, if we have documents with a "genre" field, and we want to apply the role only to documents where the genre is Comedy. Example:
```
{
  "bool": {
    "must": {
      "match": {
        "genres": "Comedy"
      }
    }
  }
}
```
field level security (optional) — Specify the document fields that the user will be able to see
aonymization (optional) — Specify fields with sensitive data that need to be replaced with random values. This option hashes the field in search results

Editing a Role

To edit a role, click on the role name and then click the Edit Role button on the opened page. The role editing page consists of two tabs: Permissions and Assigned Users:

Role Editing Tabs

On the Permissions tab, you can add permissions for the cluster, indices, and scopes. Editing is done similarly to creation. On the Assigned Users tab, you can add a user to the role being edited.

To assign a user, go to the Assigned Users tab and click Assign Users. On the opened page, specify the users and backend roles by selecting them from the list or create a new one by clicking the corresponding button.

Role Assignment Interface

You can specify either an internal user or a user from Active Directory. After filling in the fields, click Assign.

Getting Started with Roles​

Creating a Role​

Name​

Cluster Permissions​

Index Permissions​

Editing a Role​