I am running odfe version 1.0.1, I was running 0.9.0 and I was able to map a AD group and give them all admin permissions.
When I did the upgrade and since my cluster was not that big, I decided to rebuild the cluster from the grounds up using Docker containers.
The issue I am having is; I have a AD group “ES_Admins” and I want to give members of the group the same access level as user “admin” but to no avail, here is my current config for the role:
"description": "Allow full admin access ",
Am I missing something? and could you please point me where can I find documentation about the permissions needed for each type of user.
Anyone able to help with this?
Create a New role. Give this role UNLIMITED Cluster permissions. Under “Select Index and Document Type”:
Index = * and Document type = *
Permissions = unlimited
Save new Role
Now go to Role Mappings:
Create a new mapping. From the Dropdown select the role you just created. Add ES_Admins to Backend Roles
Save. ES_Admins members now have access to everything but the Security API
Then, if you want your ES_Admins to have access to the Security API, create a role called security_rest_api_access, (This is a reserved role). Leave Cluster and Index permissions blank. Save. Now go to Role Mappings again and create a new mapping. Choose “security_rest_api_access” from the drop down and add ES_Admins to Backend Roles. Save.
Now ES_admins have the same access and permissions as the built in admin user.
There is probably a better way to accomplish this task but this works for me for now.
@rlk5546, thank you! that actually worked worked for me. I would have never found out about this reserved role, do you know where can I find this documented (if it is)?