You're viewing version 2.5 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.
Default action groups
This page catalogs all default action groups. Often, the most coherent way to create new action groups is to use a combination of these default groups and individual permissions.
General
Name
Description
unlimited
Grants complete access. Can be used on an cluster- or index-level. Equates to "*".
Cluster-level
Name
Description
cluster_all
Grants all cluster permissions. Equates to cluster:*.
cluster_monitor
Grants all cluster monitoring permissions. Equates to cluster:monitor/*.
cluster_composite_ops_ro
Grants read-only permissions to execute requests like mget, msearch, or mtv, plus permissions to query for aliases.
cluster_composite_ops
Same as CLUSTER_COMPOSITE_OPS_RO, but also grants bulk permissions and all aliases permissions.
manage_snapshots
Grants permissions to manage snapshots and repositories.
cluster_manage_pipelines
Grants permissions to manage ingest pipelines.
cluster_manage_index_templates
Grants permissions to manage index templates.
Index-level
Name
Description
indices_all
Grants all permissions on the index. Equates to indices:*.
get
Grants permissions to use get and mget actions only.
read
Grants read permissions such as search, get field mappings, get, and mget.
write
Grants permissions to create and update documents within existing indices. To create new indices, see create_index.
delete
Grants permissions to delete documents.
crud
Combines the read, write, and delete action groups. Included in the data_access action group.
search
Grants permissions to search documents. Includes suggest.
suggest
Grants permissions to use the suggest API. Included in the read action group.
create_index
Grants permissions to create indices and mappings.
indices_monitor
Grants permissions to execute all index monitoring actions (e.g. recovery, segments info, index stats, and status).
index
A more limited version of the write action group.
data_access
Combines the crud action group with indices:data/*.
manage_aliases
Grants permissions to manage aliases.
manage
Grants all monitoring and administration permissions for indices.