What is the Difference Between Permissions with and without * in OpenSearch?

Permissions - OpenSearch Documentation

In OpenSearch, many index permissions appear with both versions: one with a wildcard (*) and one without. For example:

  • indices:data/write/bulk vs. indices:data/write/bulk*
  • indices:data/read/search vs. indices:data/read/search*

According to the official documentation, the descriptions for these two types of permissions seem identical. However, I would like to understand the practical difference between them. Why do both exist, and in what situations should each version be used?

Thanks for your help!

@cucukaka This is a future-proof solution. When new APIs appear, the “*” will already include them.

@cucukaka This is due to how search is done on the transport level. When a search request is received, it's received on a “coordinator” node and has the transport action indices:data/read/search. The coordinator node looks up where to forward this request to in the cluster → where the primary and replica shards are located. It then spawns internal transport actions called indices:data/read/search[p] or indices:data/read/search[r] when forwarding the request to nodes containing a primary or replica. indices:data/read/search* covers all 3 of these.
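
The matching that both replies describe, as an added example that is not part of the thread and is not OpenSearch's own code. It assumes a simplified matcher in which `*` in a permission matches any run of characters and everything else is literal; the role lists and the `FUTURE_ACTION` name are constructed for illustration.

```python
import re

# Transport action names taken from the reply above.
SEARCH_ACTIONS = [
    "indices:data/read/search",     # received by the coordinator node
    "indices:data/read/search[p]",  # forwarded to a node holding a primary shard
    "indices:data/read/search[r]",  # forwarded to a node holding a replica shard
]

# Hypothetical action name, constructed to stand in for "a new API".
FUTURE_ACTION = "indices:data/read/search/example"

# Constructed allowed_actions lists for two otherwise identical roles.
ROLE_EXACT = ["indices:data/read/search"]
ROLE_WILDCARD = ["indices:data/read/search*"]


def compile_permission(pattern):
    """Compile a permission into a regex. Assumption: only '*' is special,
    so '[' and ']' in action names are matched literally."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile(".*".join(literal_parts))


def is_allowed(allowed_actions, action):
    """True if any permission in the role matches the whole action name."""
    return any(compile_permission(p).fullmatch(action) for p in allowed_actions)


def uncovered(allowed_actions, actions):
    """Actions the role does not grant, in input order."""
    return [a for a in actions if not is_allowed(allowed_actions, a)]


if __name__ == "__main__":
    for name, role in (("exact", ROLE_EXACT), ("wildcard", ROLE_WILDCARD)):
        print(name, "role is missing:", uncovered(role, SEARCH_ACTIONS))
        print(name, "role grants", FUTURE_ACTION, "->",
              is_allowed(role, FUTURE_ACTION))
```

The same prefix match that picks up the internal [p] and [r] actions also grants any other action whose name starts with that prefix, which is worth checking when reviewing a role for least privilege.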