Example for Configuring Elastic Stack Security

This example implements the generic concepts presented in Configuring security for Siren Federate using Elastic Stack Security.

Before you begin, see the Elastic Stack Security documentation and the introduction on Configuring security for Siren Federate ifndef::output-html,output-pdf[Configuring security for Siren Federate].

Configuring roles

Elastic Stack Security uses roles to define permissions, or Elastic Stack Security privileges, on action for the cluster and indices. The users are assigned to one of more roles. See the Elastic Stack Security documentation on how to assign users to roles.

The System role

This is an example of a System role that can manage internal Siren Federate indices.

To configure an Elastic Stack Security system role for your Siren Federate instance, apply the following role settings:

{
  "federate_system": {
    "cluster": [
      "cluster:internal/federate/*",
      "cluster:admin/federate/*",
      "cluster:monitor/*"
    ],
    "indices": [
      {
        "names": [
          "/\\.siren.*/"
        ],
        "privileges": [
          "all"
        ]
      },
      {
        "names": [
          "*"
        ],
        "privileges": [
          "indices:monitor/*",
          "indices:admin/*",
          "indices:data/read*",
          "indices:data/write*"
        ]
      }
    ]
  }
}

Admin role

This is an example of an Admin role that can manage the license, datasources, virtual indices, and the ingestion jobs.

{
  "federate_admin": {
    "cluster": [
      "cluster:internal/federate/*",
      "cluster:admin/federate/*",
      "cluster:monitor/*",
      "cluster:admin/xpack/security/*"
    ],
    "indices": [
      {
        "names": [
          "*"
        ],
        "privileges": [
          "indices:monitor/*",
          "indices:admin/*",
          "indices:data/read*"
        ]
      }
    ]
  }
}

User role

This is an example of a User role that has read-only access to indices that are prefixed with logstash-.

{
  "federate_user": {
    "cluster": [
      "cluster:internal/federate/*"
    ],
    "indices": [
      {
        "names": [
          "logstash-*"
        ],
        "privileges": [
          "indices:data/read*",
          "indices:admin/aliases/get",
          "indices:admin/aliases/exists",
          "indices:admin/get",
          "indices:admin/exists",
          "indices:admin/mappings/fields/get*",
          "indices:admin/mappings/get*",
          "indices:admin/mappings/federate/connector/get*",
          "indices:admin/mappings/federate/connector/fields/get*",
          "indices:admin/types/exists",
          "indices:admin/validate/query",
          "indices:monitor/settings/get",
          "indices:admin/template/get"
        ]
      }
    ]
  }
}

The following is an example of a User role called connector_user with read-only access to the index called db_mysql.

sg_roles.yml
{
  "connector_user":{
    "cluster":[
      "cluster:internal/federate/*"
    ],
    "indices":[
      {
        "names":[
          "db_mysql"
        ],
        "privileges":[
          "indices:data/read*",
          "indices:admin/aliases/get",
          "indices:admin/aliases/exists",
          "indices:admin/get",
          "indices:admin/exists",
          "indices:admin/mappings/fields/get*",
          "indices:admin/mappings/get*",
          "indices:admin/mappings/federate/connector/get*",
          "indices:admin/mappings/federate/connector/fields/get*",
          "indices:admin/types/exists",
          "indices:admin/validate/query",
          "indices:monitor/settings/get",
          "indices:admin/template/get"
        ]
      }
    ]
  }
}