In OpenSearch, many index permissions appear in two versions: one with a wildcard (*) and one without. For example:
indices:data/write/bulk vs. indices:data/write/bulk*
indices:data/read/search vs. indices:data/read/search*
According to the official documentation, the descriptions for these two types of permissions seem identical. However, I would like to understand the practical difference between them. Why do both exist, and in what situations should each version be used?
@cucukaka This is due to how search is done on the transport level. When a search request is received, it's received on a “coordinator” node and has the transport action indices:data/read/search. The coordinator node looks up where to forward this request to in the cluster → where the primary and replica shards are located. It then spawns internal transport actions called indices:data/read/search[p] or indices:data/read/search[r] when forwarding the request to nodes containing a primary or replica. indices:data/read/search* covers all 3 of these.
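The following is an added example, not part of the original posts and not OpenSearch's own matcher: a small role-audit helper that checks which of the action names from the answer a role's permission patterns cover. It assumes `*` matches any run of characters and every other character is literal; the function names and the `/hypothetical` action name are constructed for illustration.

```python
import re

# Action names exactly as given in the answer above.
SEARCH_ACTIONS = [
    "indices:data/read/search",
    "indices:data/read/search[p]",
    "indices:data/read/search[r]",
]


def pattern_to_regex(pattern):
    """Translate a permission pattern into a compiled regex.

    Assumption: only '*' is special. '[' and ']' are literal, which is
    why fnmatch (where '[p]' is a character class) is not used here.
    """
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))


def covered(allowed_actions, action):
    """True if any pattern in the role matches the whole action name."""
    return any(pattern_to_regex(p).fullmatch(action) for p in allowed_actions)


def missing(allowed_actions, required=SEARCH_ACTIONS):
    """Actions in `required` that the role does not grant."""
    return [a for a in required if not covered(allowed_actions, a)]


if __name__ == "__main__":
    exact = ["indices:data/read/search"]
    wild = ["indices:data/read/search*"]
    print("exact role is missing:", missing(exact))
    print("wildcard role is missing:", missing(wild))
    # The wildcard is a prefix match, so it also grants any other action
    # whose name starts with the same prefix (constructed name below).
    extra = "indices:data/read/search/hypothetical"
    print("wildcard also grants", extra, "->", covered(wild, extra))
```

When reviewing roles for least privilege, the last check matters: the wildcard form grants every action that shares the prefix, not only the three named in the answer.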