Configuring security for Siren Federate

The Siren Federate plugin is compatible with the Search Guard and Elastic Stack Security security systems. Follow the instructions below to configure one of these solutions for Siren Federate.

A security system maps a user to one or more roles.

A role grants one or more permissions; for example, a sysadmin role would grant the administrative permissions.

A permission grants a role the right to execute one or more actions.

An action is a type of request that operates at the index level or the cluster level. Each action has a unique identifier, for example indices:data/read/mget, which identifies the multi get action.

Action identifiers follow the schema [cluster|indices]:<a path delimited by />. A trailing * matches every action under a prefix, so cluster:internal/federate/* covers all internal Siren Federate actions, while indices:data/read/mget names one specific action.

The following Siren Federate action prefixes can be used to limit cluster or index requests:

  • indices:admin/federate: The prefix for actions related to the administration of internal Siren Federate indices.

  • indices:data/read/federate: The prefix for actions related to reading data from indices.

  • cluster:monitor/federate: The prefix for actions related to cluster monitoring.

  • cluster:admin/federate: The prefix for actions related to Siren Federate administration.

  • cluster:internal/federate: The prefix for all internal actions.

Every Siren Federate user, whatever other permissions the user has, must be granted cluster-level permission for the internal Siren Federate actions, that is, the actions under the cluster:internal/federate prefix.

Creating roles

To get started, you can create three generic roles in Siren Federate. In a later section, there are examples of how to implement the roles for the different security systems.

The Admin role

The Admin role performs all actions related to administration, such as managing the license.

The Admin role grants permissions for Siren Federate cluster administration and monitoring, that is, the cluster-level actions under the cluster:admin/federate and cluster:monitor/federate prefixes, together with the cluster:internal/federate actions that every Siren Federate user requires.

To manage the license, set the following cluster-level and index-level permissions:

  • cluster:admin/federate/license/*

  • indices:admin/create

  • indices:admin/exists

  • indices:admin/mapping/put

  • indices:data/write*

The index-level permissions allow the plugin to create, check for, put mappings on and write to the internal Siren Federate indices that license management uses. Note that indices:data/write* is a prefix that covers every write action; in the role definition, scope it to the internal Siren Federate indices rather than to all indices.

The User role

The User role performs read-only actions on indices. This is required to execute a Siren Federate search request on one or more indices.

To search indices, set the following index-level permissions:

  • indices:admin/mappings/fields/get

  • indices:data/read/get

  • indices:data/read/search

The indices:admin/mappings/fields/get permission allows the User role to read index metadata. It is required because the Siren Federate query engine reads the field mappings of the index by using indices:admin/mappings/fields/get during query evaluation. A role that grants only data-read actions can read documents but cannot evaluate Siren Federate queries.

If you prefer a broader read permission, indices:data/read/* covers both indices:data/read/get and indices:data/read/search; it still does not include indices:admin/mappings/fields/get, which must be granted separately.

Like every Siren Federate user, the role also needs the cluster-level permission for the cluster:internal/federate actions.
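The role model described above (user, roles, permissions, action patterns) is easy to get subtly wrong: a read-only role without indices:admin/mappings/fields/get, or any role without the cluster:internal/federate permission, looks reasonable but cannot run Siren Federate queries. The following Python script is an added example, not code from Siren Federate, Search Guard or Elastic Stack Security. It encodes the Admin and User roles from the two sections above as plain data and resolves action names against them with a simplified glob matcher, so a role can be sanity-checked offline before it is deployed. The role names, the ROLES structure, the probe action names used under the documented prefixes (the page lists prefixes, not individual internal actions) and the check heuristics are assumptions for illustration; the real security plugins have their own resolvers.

```python
"""Offline checker for Siren Federate action permissions (added example).

Models the chain user -> roles -> permissions -> actions from the
documentation with a simplified glob matcher. Not the resolver used by
Search Guard or Elastic Stack Security; use it to sanity-check a role
definition before deploying it.
"""
from fnmatch import fnmatchcase

# Representative action under the prefix that every Federate user must be
# allowed to execute. The page documents the prefix only, so the exact
# name "probe" is an assumption used purely as a matcher input.
INTERNAL_PROBE_ACTION = "cluster:internal/federate/probe"

ROLES = {
    # Admin role: Federate cluster administration and monitoring (documented
    # prefixes), the internal actions every user needs, and the license
    # management permissions. Role names are assumptions.
    "federate_admin": {
        "cluster": [
            "cluster:admin/federate/*",
            "cluster:monitor/federate/*",
            "cluster:internal/federate/*",
        ],
        "indices": [
            "indices:admin/create",
            "indices:admin/exists",
            "indices:admin/mapping/put",
            "indices:data/write*",
        ],
    },
    # User role: read-only search plus the field-mapping lookup the query
    # engine performs during evaluation.
    "federate_user": {
        "cluster": ["cluster:internal/federate/*"],
        "indices": [
            "indices:admin/mappings/fields/get",
            "indices:data/read/get",
            "indices:data/read/search",
        ],
    },
    # A tempting but insufficient variant: data-read actions only, no
    # mapping lookup and no internal cluster actions. Kept to show what
    # check_role() reports for it.
    "federate_user_too_narrow": {
        "cluster": [],
        "indices": ["indices:data/read/*"],
    },
}


def action_level(action):
    """Return 'cluster' or 'indices' from the [cluster|indices]:<path> schema."""
    level, sep, path = action.partition(":")
    if sep != ":" or level not in ("cluster", "indices") or not path:
        raise ValueError(f"malformed action name: {action!r}")
    return level


def pattern_matches(pattern, action):
    """Glob match where '*' spans any characters, including '/'.

    The level prefix is compared first so that an index pattern can never
    grant a cluster action or vice versa, whatever the wildcard says.
    """
    if action_level(pattern) != action_level(action):
        return False
    return fnmatchcase(action, pattern)


def is_allowed(role_names, action, roles=ROLES):
    """True if any of the user's roles holds a permission covering ``action``."""
    level = action_level(action)
    return any(
        pattern_matches(pattern, action)
        for name in role_names
        for pattern in roles[name][level]
    )


def check_role(name, roles=ROLES):
    """Return human-readable findings for one role definition (empty if OK)."""
    role = roles[name]
    findings = []
    if not any(pattern_matches(p, INTERNAL_PROBE_ACTION) for p in role["cluster"]):
        findings.append("missing cluster-level permission for cluster:internal/federate actions")
    # A role that can search also needs the field-mapping lookup.
    can_search = any(pattern_matches(p, "indices:data/read/search") for p in role["indices"])
    if can_search and not is_allowed([name], "indices:admin/mappings/fields/get", roles):
        findings.append("can search but lacks indices:admin/mappings/fields/get")
    # Flag patterns that silently grant every action at a level.
    for level in ("cluster", "indices"):
        for p in role[level]:
            if p == f"{level}:*":
                findings.append(f"over-broad permission {p!r}")
    return findings


if __name__ == "__main__":
    for action in ("indices:data/read/search", "indices:admin/mappings/fields/get",
                   "indices:data/write/index", "cluster:admin/federate/license/probe"):
        print(f"{action:44} user={is_allowed(['federate_user'], action)!s:5} "
              f"admin={is_allowed(['federate_admin'], action)}")
    for name in ROLES:
        print(name, check_role(name) or ["ok"])
```

Two points the output makes concrete: an Admin-only user is denied indices:data/read/search, so an administrator who also needs to search must hold both roles, and the too-narrow variant is rejected on both counts (no internal cluster permission, no field-mapping lookup) even though its indices:data/read/* pattern looks generous.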

In this section

You can configure one of the following security systems for Siren Federate:

  • Search Guard

  • Elastic Stack Security