Append only Index

Is there any feature planned in the roadmap of OpenSearch to restrict update to an index?

Such feature will be a candidate to store audit logs to which only insertions are allowed.

It is possible to write a rest plugin to control certain rest APIs to do only create document. but bulk load API cannot be controlled as it does not contain any operation(write or update or delete) related information in the URI.

[Moving this to the security category]

You might want to take a look at the security plugin and the roles/permissions. Additionally, index state management also can set an index to read-only so you can achieve some of this functionality with that.

Many thanks for the response. I read the roles/permissions. I would say it does not solve the purpose completely. For example, the bulk api permission looks like below,

  • indices:data/write/bulk
  • indices:data/write/bulk*

Bulk API json payload can contain mixed requests on it ie index/update/delete requests.

Is it possible to have further granularity in the permission of bulk API ? say a user is allowed only to index a document via bulk API and the user is restricted from updating documents via bulk API.

Use Case : Security general requirement - Detect modification to logs - If a log is stored in opensearch and is modified by an user, it must be detected. At least it must be protected from modification - append only indices (not sure if its possible).

1 Like