简体繁体 English

如何防止对 Elasticsearch 中的索引的数据无意写入和删除？

[英]How to prevent inadvertent writes and deletion of data for an index in Elasticsearch?

原文 2020-04-09 10:10:08 5 1 elasticsearch/ kibana-7/ elasticsearch-7

How to prevent users who have access to kibana dev tools, from making any inadvertent changes, updates or deletes in a particular index.Basically what I am looking for is, some kind of authorisation for a particular index, so that only authorised users can be given R/W access and any other users should have only R permission.如何防止有权访问 kibana 开发工具的用户在特定索引中进行任何无意的更改、更新或删除。基本上我正在寻找的是，对特定索引的某种授权，以便只有授权用户可以给定 R/W 访问权限，任何其他用户应该只有 R 权限。

1 个解决方案

You can define privileges like read, write, delete etc. in user roles.您可以在用户角色中定义读取、写入、删除等权限。 Privileges can be categorized into cluster- and index-privileges as documented on this page:如本页所述，特权可分为集群特权和索引特权：

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html

The index-privileges are what you're looking for.索引权限是您正在寻找的。

After creating the roles (eg one for read-write and one for read-only), you simply need to add the particular users to these roles.创建角色后（例如，一个用于读写，一个用于只读），您只需将特定用户添加到这些角色。 Elasticsearch will then check the user's privileges on every action they try to execute and prevent them if needed. Elasticsearch 将检查用户对他们尝试执行的每个操作的权限，并在需要时阻止它们。 This is done via the has_privileges API Elasticsearch internally uses.这是通过内部使用的 has_privileges API Elasticsearch 完成的。

Here's a guide on how to define roles:以下是有关如何定义角色的指南：

https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html

Here are some further resources related to that topic:以下是与该主题相关的一些进一步资源：

I hope I could help you.我希望我能帮助你。