Link Search Menu Expand Document Documentation Menu

This is an earlier version of the OpenSearch documentation. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

Default action groups

This page catalogs all default action groups. Often, the most coherent way to create new action groups is to use a combination of these default groups and individual permissions.

General

Action group Description Permissions
unlimited Grants complete access to action groups. Can be used on an cluster- or index- level. Equates to “*”. *

Cluster-level

Action group Description Permissions
cluster_all Grants all cluster permissions. Equates to cluster:*. cluster:*
cluster_monitor Grants all cluster monitoring permissions. Equates to cluster:monitor/*. cluster:monitor/*
cluster_composite_ops_ro Grants read-only permissions to execute requests like mget, msearch, or mtv, as well as permissions to query for aliases. indices:data/read/mget indices:data/read/msearch indices:data/read/mtv indices:admin/aliases/exists* indices:admin/aliases/get* indices:data/read/scroll indices:admin/resolve/index
cluster_composite_ops Same as CLUSTER_COMPOSITE_OPS_RO, but also grants bulk permissions and all aliases permissions. indices:data/write/bulk indices:admin/aliases* indices:data/write/reindex indices:data/read/mget indices:data/read/msearch indices:data/read/mtv indices:admin/aliases/exists* indices:admin/aliases/get* indices:data/read/scroll indices:admin/resolve/index
manage_snapshots Grants permissions to manage snapshots and repositories. cluster:admin/snapshot/* cluster:admin/repository/*
cluster_manage_pipelines Grants permissions to manage ingest pipelines. cluster:admin/ingest/pipeline/*
cluster_manage_index_templates Grants permissions to manage index templates. indices:admin/template/* indices:admin/index_template/* cluster:admin/component_template/*

Index-level

Action group Description Permissions
indices_all Grants all permissions on the index. Equates to indices:*. indices:*
get Grants permissions to use get and mget actions. indices:data/read/get* indices:data/read/mget*
read Grants read permissions on the index such as search, get field mappings, get, and mget. indices:data/read* indices:admin/mappings/fields/get* indices:admin/resolve/index
write Grants permissions to create and update documents within existing indexes. indices:data/write* indices:admin/mapping/put
delete Grants permissions to delete documents. indices:data/write/delete*
crud Combines the read, write, and delete action groups. Included in the data_access action group. indices:data/read* indices:admin/mappings/fields/get* indices:admin/resolve/index indices:data/write* indices:admin/mapping/put
search Grants permissions to search documents, including the Suggest API. indices:data/read/search* indices:data/read/msearch* indices:admin/resolve/index indices:data/read/suggest*
suggest Grants permissions to use the Suggest API. Included in the read action group. indices:data/read/suggest*
create_index Grants permissions to create indexes and mappings. indices:admin/create indices:admin/mapping/put
indices_monitor Grants permissions to run all index monitoring actions, such as recovery, segments_info, index_stats, and status). indices:monitor/*
index A more limited version of the write action group. indices:data/write/index* indices:data/write/update* indices:admin/mapping/put indices:data/write/bulk*
data_access Combines the CRUD action group with indices:data/*. indices:data/* indices:data/read* indices:admin/mappings/fields/get* indices:admin/resolve/index indices:data/write* indices:admin/mapping/put
manage_aliases Grants permissions to manage aliases. indices:admin/aliases*
manage Grants all monitoring and administration permissions for indexes. indices:monitor/* indices:admin/*
350 characters left

Have a question? .

Want to contribute? or .