Default action groups This page catalogs all default action groups. Often, the most coherent way to create new action groups is to use a combination of these default groups and individual permissions .
General Action group Description Permissions unlimited Grants complete access to action groups. Can be used on an cluster-
or index-
level. Equates to “*”. *
Cluster-level Action group Description Permissions cluster_all Grants all cluster permissions. Equates to cluster:*
. cluster:*
cluster_monitor Grants all cluster monitoring permissions. Equates to cluster:monitor/*
. cluster:monitor/*
cluster_composite_ops_ro Grants read-only permissions to execute requests like mget
, msearch
, or mtv
, as well as permissions to query for aliases. indices:data/read/mget
indices:data/read/msearch
indices:data/read/mtv
indices:admin/aliases/exists*
indices:admin/aliases/get*
indices:data/read/scroll
indices:admin/resolve/index
cluster_composite_ops Same as CLUSTER_COMPOSITE_OPS_RO
, but also grants bulk permissions and all aliases permissions. indices:data/write/bulk
indices:admin/aliases*
indices:data/write/reindex
indices:data/read/mget
indices:data/read/msearch
indices:data/read/mtv
indices:admin/aliases/exists*
indices:admin/aliases/get*
indices:data/read/scroll
indices:admin/resolve/index
manage_snapshots Grants permissions to manage snapshots and repositories. cluster:admin/snapshot/*
cluster:admin/repository/*
cluster_manage_pipelines Grants permissions to manage ingest pipelines. cluster:admin/ingest/pipeline/*
cluster_manage_index_templates Grants permissions to manage index templates. indices:admin/template/*
indices:admin/index_template/*
cluster:admin/component_template/*
Index-level Action group Description Permissions indices_all Grants all permissions on the index. Equates to indices:*
. indices:*
get Grants permissions to use get
and mget
actions. indices:data/read/get*
indices:data/read/mget*
read Grants read permissions on the index such as search
, get
field mappings, get
, and mget
. indices:data/read*
indices:admin/mappings/fields/get*
indices:admin/resolve/index
write Grants permissions to create and update documents within existing indexes. indices:data/write*
indices:admin/mapping/put
delete Grants permissions to delete documents. indices:data/write/delete*
crud Combines the read, write, and delete action groups. Included in the data_access
action group. indices:data/read*
indices:admin/mappings/fields/get*
indices:admin/resolve/index
indices:data/write*
indices:admin/mapping/put
search Grants permissions to search documents, including the Suggest API. indices:data/read/search*
indices:data/read/msearch*
indices:admin/resolve/index
indices:data/read/suggest*
suggest Grants permissions to use the Suggest API. Included in the read
action group. indices:data/read/suggest*
create_index Grants permissions to create indexes and mappings. indices:admin/create
indices:admin/mapping/put
indices_monitor Grants permissions to run all index monitoring actions, such as recovery
, segments_info
, index_stats
, and status
). indices:monitor/*
index A more limited version of the write action group. indices:data/write/index*
indices:data/write/update*
indices:admin/mapping/put
indices:data/write/bulk*
data_access Combines the CRUD action group with indices:data/*
. indices:data/*
indices:data/read*
indices:admin/mappings/fields/get*
indices:admin/resolve/index
indices:data/write*
indices:admin/mapping/put
manage_aliases Grants permissions to manage aliases. indices:admin/aliases*
manage Grants all monitoring and administration permissions for indexes. indices:monitor/*
indices:admin/*