Enabling the security settings in ES
Open the ES configuration file
elasticsearch/config/elasticsearch.yml
Add the following configuration
xpack.security.enabled: true
xpack.security.authc.accept_default_password: false
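Create a role and its privileges
For example, first create a role policy_admin that has all privileges on indices whose names start with "policy" and can also build charts and reports in Kibana:
curl -XPOST -u elastic 'localhost:9200/_security/role/policy_admin' -H "Content-Type: application/json" -d '{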
"indices" : [
{
"names" : [ "policy*" ],
"privileges" : [ "all" ]
},
{
"names" : [ ".kibana*" ],
"privileges" : [ "manage", "read", "index" ]
}
]
}'
Create an account and bind it to the role
Add the user to the role; your_name is the account name and userpassword is the account password.
curl -XPOST -u elastic 'localhost:9200/_security/user/your_name' -H "Content-Type: application/json" -d '{
"password" : "userpassword",
"full_name" : "Full Name",
"email" : "[email protected]",
"roles" : [ "policy_admin" ]
}'
Verification example - ES version: 8.2.3
Create the account and the role
root@dev:/usr/share/elasticsearch$ curl -XPOST -u elastic 'localhost:9200/_security/role/policy_admin' -H "Content-Type: application/json" -d '{"indices":[{"names":["policy*"],"privileges":["all"]},{"names":[".kibana*"],"privileges":["manage","read","index"]}]}'
Enter host password for user 'elastic':
{"role":{"created":true}}
root@dev:/usr/share/elasticsearch$ curl -XPOST -u elastic 'localhost:9200/_security/user/policy' -H "Content-Type: application/json" -d '{"password":"policy","full_name":"Full Name","email":"[email protected]","roles":["policy_admin"]}'
Enter host password for user 'elastic':
{"created":true}
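Create indices
Indices the superuser can operate on:
Indices the policy account can operate on:
The example shows that the configured role privileges take effect.
Conclusion: an account is bound to a role, and the role determines the scope of its privileges. In this example, the policy account has all privileges on indices whose names start with policy.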
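The check above can also be made without creating test indices by asking Elasticsearch's has-privileges API what the account is allowed to do. The following is an added example, not part of the original post; the index names policy-2024 and orders and the sample response are constructed for illustration.

```python
import base64
import json
import urllib.request


def build_request(indices, privileges):
    """Body for POST /_security/user/_has_privileges (index section only)."""
    return {"index": [{"names": list(indices), "privileges": list(privileges)}]}


def has_privileges(base_url, user, password, indices, privileges):
    """Ask Elasticsearch, as `user`, which of `privileges` it holds on `indices`."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/_security/user/_has_privileges",
        data=json.dumps(build_request(indices, privileges)).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def split_result(response):
    """Split the response into sorted (index, privilege) pairs: granted, denied."""
    granted, denied = [], []
    for index, privs in response.get("index", {}).items():
        for priv, ok in privs.items():
            (granted if ok else denied).append((index, priv))
    return sorted(granted), sorted(denied)


# Constructed, trimmed sample of what the policy account should get back:
# everything on a "policy*" index, nothing on an unrelated one.
SAMPLE_RESPONSE = {
    "username": "policy",
    "has_all_requested": False,
    "index": {
        "policy-2024": {"read": True, "index": True, "delete_index": True},
        "orders": {"read": False, "index": False, "delete_index": False},
    },
}

if __name__ == "__main__":
    # Live check against a node: has_privileges("http://localhost:9200", "policy",
    #   "<password>", ["policy-2024", "orders"], ["read", "index", "delete_index"])
    granted, denied = split_result(SAMPLE_RESPONSE)
    print("granted:", granted, "\ndenied:", denied)
```

Any pair in the denied list for a policy* index, or in the granted list for an index outside that pattern, means the role does not match the intended scope.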
Copyright belongs to the original author, 。。。。。。372. If there is any infringement, please contact us to have it removed.