1、創建索引:
創建兩個索引 “a”和“b”(使用super用戶):
索引A:curl -XPUT -u userName:password http://localhost:9200/indexa
索引B:curl -XPUT -u userName:password http://localhost:9200/indexb
2、創建角色:
創建兩個角色testRoleA和testRoleB,並將索引 indexa 的權限給testRoleA,indexb的權限給testRoleB:
testRoleA:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/role/testRoleA' -H "Content-Type: application/json" -d '{"cluster":["monitor"],"indices":[{"names":["indexa"],"privileges":["all"]}]}'
testRoleB:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/role/testRoleB' -H "Content-Type: application/json" -d '{"cluster":["monitor"],"indices":[{"names":["indexb"],"privileges":["all"]}]}'
3、創建用戶:
創建兩個用戶testUserA,並指定testRoleA(其中password和roles是必填字段):
testUserA:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/user/testUserA' -H "Content-Type: application/json" -d '{
"password" : "123123",
"full_name" : "test user",
"email" : "test@test.com",
"roles" : [ "testRoleA" ],
"metadata" : {
"intelligence" : 7
}
}'
testUserB:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/user/testUserB' -H "Content-Type: application/json" -d '{
"password" : "123123",
"full_name" : "test user",
"email" : "test@test.com",
"roles" : [ "testRoleB" ],
"metadata" : {
"intelligence" : 7
}
}'
4、測試:
嘗試使用testUserA去刪除索引indexb,嘗試使用testUserB去刪除索引indexa:
curl -XDELETE -u testUserA:123123 http://localhost:9200/indexb
curl -XDELETE -u testUserB:123123 http://localhost:9200/indexa
如果刪除失敗,出現這樣的提示:“xxx is unauthorized for user xxx” ,那么恭喜你,你的es集群權限控制成功啦~~