1. Create the indices:
Create two indices, indexa and indexb (as a superuser):
Index A:
curl -XPUT -u userName:password http://localhost:9200/indexa
Index B:
curl -XPUT -u userName:password http://localhost:9200/indexb
2. Create the roles:
Create two roles, testRoleA and testRoleB, granting testRoleA privileges on indexa and testRoleB privileges on indexb.
Note: for a read-only role, change "privileges":["all"] to "privileges":["read"].
testRoleA:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/role/testRoleA' -H "Content-Type: application/json" -d '{"cluster":["monitor"],"indices":[{"names":["indexa"],"privileges":["all"]}]}'
testRoleB:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/role/testRoleB' -H "Content-Type: application/json" -d '{"cluster":["monitor"],"indices":[{"names":["indexb"],"privileges":["all"]}]}'
3. Create the users:
Create two users, testUserA and testUserB, and assign them testRoleA and testRoleB respectively (password and roles are required fields):
testUserA:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/user/testUserA' -H "Content-Type: application/json" -d '{ "password" : "123123", "full_name" : "testUserA", "email" : "test@test.com", "roles" : [ "testRoleA" ], "metadata" : { "intelligence" : 7 } }'
testUserB:
curl -XPOST -u userName:password 'localhost:9200/_xpack/security/user/testUserB' -H "Content-Type: application/json" -d '{ "password" : "123123", "full_name" : "testUserB", "email" : "test@test.com", "roles" : [ "testRoleB" ], "metadata" : { "intelligence" : 7 } }'
4. Test:
Try to delete indexb as testUserA, and indexa as testUserB:
curl -XDELETE -u testUserA:123123 http://localhost:9200/indexb
curl -XDELETE -u testUserB:123123 http://localhost:9200/indexa
If the deletion fails with a message such as "xxx is unauthorized for user xxx", the access control on your ES cluster is working.
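A non-destructive variant of the step 4 test, added here as an example (it is not part of the original write-up): it probes every user/index pair with a search instead of a delete and compares the HTTP status against what the roles from step 2 should allow. The ES_URL variable, the function names and the use of _search as the probe are assumptions of this example; the users, password and index names are the ones created above.

```shell
#!/bin/sh
# Added example: verify index isolation for testUserA/testUserB without deleting data.
# Assumption: ES_URL points at the cluster, e.g. http://localhost:9200.

# probe USER PASS INDEX -> prints the HTTP status of a search on INDEX as USER
probe() {
  curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" "$ES_URL/$3/_search"
}

# expected_status USER INDEX -> 200 on the user's own index, 403 on the other one
expected_status() {
  case "$1:$2" in
    testUserA:indexa|testUserB:indexb) echo 200 ;;
    *) echo 403 ;;
  esac
}

# check_matrix -> one line per user/index pair; non-zero exit on any mismatch.
# The body runs in a subshell so its variables do not leak into the caller.
check_matrix() (
  failures=0
  for user in testUserA testUserB; do
    for index in indexa indexb; do
      want=$(expected_status "$user" "$index")
      # curl reports 000 when the cluster is unreachable
      got=$(probe "$user" 123123 "$index") || got=000
      if [ "$got" = "$want" ]; then
        echo "ok    $user -> $index: $got"
      else
        # 200 where 403 was expected means the role is too broad or security
        # is not enabled; 401 means the credentials were rejected.
        echo "FAIL  $user -> $index: got $got, want $want"
        failures=$((failures + 1))
      fi
    done
  done
  [ "$failures" -eq 0 ]
)

# Only contact a cluster when ES_URL is set explicitly.
if [ -n "${ES_URL:-}" ]; then
  check_matrix
fi
```

Run it as ES_URL=http://localhost:9200 sh check.sh; because both "all" and "read" include search, the same check works for the read-only variant of the roles.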