Docs
ues
Product Introduction
Elasticsearch
Plugin Guide
Security plugin

Security Plugin

I. Special Tips

1) Installing the security plugin will trigger a restart of the UES cluster, which will impact the ES service. Please be prepared before installation and choose an appropriate time for installation.

2) After the security plugin is installed, the code for accessing the ES service needs to be modified, and the user name and password must be added to make it usable.

II. Plugin installation

  1. Supported versions

The current UES server version that supports the security plugin is 6.5.4, and other UES versions do not support the installation of the security plug-in at this time.

  1. How to install the security plugin

The method of installing the security plugin is similar to the installation of other plugins. The specific method can be seen in the “Plugin Management” section.

III. Precautions

  1. The installation of the security plugin adopts a node-by-node installation and restart method. After the security plugin of a node is successfully installed, it will not be able to join the original cluster due to the change of the security mechanism. It is necessary to wait for the security plugins of all nodes to be completed before the cluster can resume service. Generally, installing a security plugin for a cluster with three nodes takes about 15 minutes.

  2. After the security plugin is installed, the code for accessing the ES service needs to be modified and added account password information to make it usable (the account password set when creating a cluster is used as the login password after the security mechanism is enabled). Example is as follows:

    curl -H “Content-Type: application/json” -u admin:admin -XGET http://localhost:9200/_cat/health?v

IV. Permissions Management

After the security plugin is installed, log in to Kibana using the Kibana account password set when creating the cluster (also the account password after enabling the security mechanism). In the Kibana menu bar, select the “Security” menu item to enter the permission management interface.

Roles are a core way to control cluster access. Roles include cluster-level permissions, index-specific permissions, document and field-level security, and any combination of tenants. Mapping users to these roles allows them to gain these permissions.

The Security plugin comes with many predefined action groups, roles, mappings, and users, from which you can choose as needed.

Plugin managementUS3 plugin