Add manage_aliases, manage_templates and open_close_indices as separate privileges #29732
Labels
>enhancement
:Security/Authorization
Roles, Privileges, DLS/FLS, RBAC/ABAC
Team:Security
Meta label for security team
Comments
elasticmachine
added
:Security/Authorization
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original comment by @ppf2:
The manage privilege today includes the ability to perform destructive actions like delete index.
Since delete_index is already a separate privilege, this is a request to remove delete_index from manage so that customers can give manage role to users who will be setting up the schema/mappings,templates,aliases, without also giving them the ability to delete the index.
And if they need delete_index, they can separately add it to the role.
Please consider this for 5.0. The customer is working around this on 2.x using the no-longer-recommended granular setting for action level privileges (which has already been removed from the product on 5.0).
The text was updated successfully, but these errors were encountered: