Table of contents
User needs cluster:admin/opensearch/ppl
permission to use PPL plugin. User also needs indices level permission indices:admin/mappings/get
to get field mappings, indices:monitor/settings/get
to get cluster settings, and indices:data/read/search*
to search index.
--INTRODUCED 2.1--
Example: Create the ppl_role for test_user. then test_user could use PPL to query ppl-security-demo
index.
Create the ppl_role and grand permission to access PPL plugin and access ppl-security-demo index:
PUT _plugins/_security/api/roles/ppl_role { "cluster_permissions": [ "cluster:admin/opensearch/ppl" ], "index_permissions": [{ "index_patterns": [ "ppl-security-demo" ], "allowed_actions": [ "indices:data/read/search*", "indices:admin/mappings/get", "indices:monitor/settings/get" ] }] }
Mapping the test_user to the ppl_role:
PUT _plugins/_security/api/rolesmapping/ppl_role { "backend_roles" : [], "hosts" : [], "users" : ["test_user"] }
--INTRODUCED 2.1--
Example: Create ppl_access permission and add to existing role
Create the ppl_access permission:
PUT _plugins/_security/api/actiongroups/ppl_access { "allowed_actions": [ "cluster:admin/opensearch/ppl" ] }
Grant the ppl_access permission to ppl_test_role