You're viewing version 1.1 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.
Default action groups
This page catalogs all default action groups. Often, the most coherent way to create new action groups is to use a combination of these default groups and individual permissions.
General
Name | Description |
unlimited | Grants complete access. Can be used on an cluster- or index-level. Equates to "*" . |
Cluster-level
Name | Description |
cluster_all | Grants all cluster permissions. Equates to cluster:* . |
cluster_monitor | Grants all cluster monitoring permissions. Equates to cluster:monitor/* . |
cluster_composite_ops_ro | Grants read-only permissions to execute requests like mget , msearch , or mtv , plus permissions to query for aliases. |
cluster_composite_ops | Same as CLUSTER_COMPOSITE_OPS_RO , but also grants bulk permissions and all aliases permissions. |
manage_snapshots | Grants permissions to manage snapshots and repositories. |
cluster_manage_pipelines | Grants permissions to manage ingest pipelines. |
cluster_manage_index_templates | Grants permissions to manage index templates. |
Index-level
Name | Description |
indices_all | Grants all permissions on the index. Equates to indices:* . |
get | Grants permissions to use get and mget actions only. |
read | Grants read permissions such as search, get field mappings, get , and mget . |
write | Grants permissions to create and update documents within existing indices. To create new indices, see create_index . |
delete | Grants permissions to delete documents. |
crud | Combines the read , write , and delete action groups. Included in the data_access action group. |
search | Grants permissions to search documents. Includes suggest . |
suggest | Grants permissions to use the suggest API. Included in the read action group. |
create_index | Grants permissions to create indices and mappings. |
indices_monitor | Grants permissions to execute all index monitoring actions (e.g. recovery, segments info, index stats, and status). |
index | A more limited version of the write action group. |
data_access | Combines the crud action group with indices:data/* . |
manage_aliases | Grants permissions to manage aliases. |
manage | Grants all monitoring and administration permissions for indices. |