Index security (permissions)

Hi there,
I need to create some users and give them permissions to certain indices. For example:

  • userA needs read & write access to indexA
  • userB needs read & write access to indexB
  • userA does not need any permission to indexB,
  • userB does not need any permission to indexA

I would like if you can give a brief explanation if this could be posible and/or point me some links to do this via curl (API).

Thanks in advance

I manage to do some of this with this API calls

Create user
PUT _opendistro/_security/api/internalusers/userA
“password”: “userA”,
“roles”: [“indexA”]

Create role
PUT _opendistro/security/api/roles/indexA
“cluster” : [ “CLUSTER_COMPOSITE_OPS”,“cluster:monitor/main”,“cluster:monitor/state”,“cluster:monitor/health”,“indices:monitor/stats” ],
“indices” : {
": {
": [
": {
”: [“indices:monitor/stats”]

Create role mapping
PUT _opendistro/_security/api/rolesmapping/indexA
“backendroles” : [ “indexA” ],
“users” : [ “userA” ]

This works just fine, my user can’t do anything else but the specified in the role.

But somethings are unclear to me, why I need to do the role mapping, if someone could help me to understand the diference of a role, role maping, and backend role.

I would also like a good document reference to learn about this concepts

Backend roles are used when you have backend configured for authentication (LDAP, SAML, OpenID etc.)
When user is authenticated the IDP send backend roles information.
Backend roles are mapped to roles in security module to allow access functions and resources of ODFE stack.