You're viewing version 2.15 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.
System indexes
By default, OpenSearch has a protected system index, .opendistro_security
, which is used to store the Security configuration YAML files. You create this index using securityadmin.sh. Even with a user account that has read permissions for all indexes, you can’t directly access the data in this system index.
Instead, you first need to authenticate with an admin certificate to gain access:
curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opendistro_security/_search'
When Security is installed, the demo configuration automatically creates the .opendistro_security
system index. It also adds several other indexes for the various OpenSearch plugins that integrate with the Security plugin:
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"]
You can add additional system indexes in opensearch.yml
. An alternative way to remove a system index is to delete it from the plugins.security.system_indices.indices
list on each node and restart OpenSearch.