Configuring security for data imports

The following permissions are required to operate on Siren-managed indices, which you can configure on the ACL tab of the Access control app:

| Action on entity table | Permission required |
| --- | --- |
| Add, rename field | Change permission on entity table object. |
| Delete field | Delete permission on entity table object. |
| Import data | Import permission on entity table object. |
| Delete data, index, entity table object | Delete permission on entity table object. |

Granting index permissions

If the entity table is based on a standard (not Siren-managed) Elasticsearch index, then it requires explicit index-level permissions to read and write records, as well as the maintenance permission to refresh the target index.

The following is an example of an investigate_system role definition for Elastic Stack Security that gives the backend user the required permissions on the article index:

{
  "cluster": [
    "cluster:internal/federate/*",
    "cluster:admin/federate/*",
    "cluster:monitor/*",
    "manage_index_templates"
  ],
  "indices": [
    {
      "names": [
        "article"
      ],
      "privileges": [
        "read",
        "write",
        "maintenance"
      ]
    }
  ]
}
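An added example, not part of the Siren documentation: a Python check that takes a role definition in the Elastic Stack Security format shown above and reports which import target indices lack read, write or maintenance, and which wildcard patterns grant write access. The function names, the logs-* entry and the index names logs-2024 and company are constructed for illustration; pattern matching assumes plain wildcards, not the /regex/ form.

```python
import json
from fnmatch import fnmatchcase

# Privileges the page lists for a standard (not Siren-managed) index.
REQUIRED = {"read", "write", "maintenance"}
# Broader Elasticsearch privileges that already include some of the above.
IMPLIES = {"all": REQUIRED, "manage": {"maintenance"}}


def granted_privileges(role, index):
    """Union of required privileges the role grants on one concrete index."""
    granted = set()
    for entry in role.get("indices", []):
        # Assumption: name patterns only use wildcards (no /regex/ form).
        if any(fnmatchcase(index, pattern) for pattern in entry.get("names", [])):
            for priv in entry.get("privileges", []):
                granted |= IMPLIES.get(priv, {priv}) & REQUIRED
    return granted


def audit_role(role, import_indices):
    """Report missing import privileges and wildcard write grants."""
    missing = {}
    for index in import_indices:
        gap = REQUIRED - granted_privileges(role, index)
        if gap:
            missing[index] = sorted(gap)
    broad = sorted(
        pattern
        for entry in role.get("indices", [])
        if {"write", "all"} & set(entry.get("privileges", []))
        for pattern in entry.get("names", [])
        if "*" in pattern
    )
    return {"missing": missing, "broad_write_patterns": broad}


# Constructed sample: the page's article grant plus a hypothetical wildcard grant.
SAMPLE_ROLE = json.loads("""
{
  "indices": [
    {"names": ["article"], "privileges": ["read", "write", "maintenance"]},
    {"names": ["logs-*"], "privileges": ["read", "write"]}
  ]
}
""")

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE, ["article", "logs-2024", "company"]))
```

An index listed under "missing" would fail on import or refresh; a pattern listed under "broad_write_patterns" gives the backend user write access beyond the indices named for data imports.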

The following is an analogous investigate_system role definition for Search Guard Classic:

investigate_system:
  cluster_permissions:
  - CLUSTER_COMPOSITE_OPS
  - CLUSTER_MANAGE
  - CLUSTER_MONITOR
  index_permissions:
  # Grant the backend user permission to read and write records and to perform an index refresh on every standard ES index for which you want to enable data imports.
  - index_patterns:
    - 'article'
    allowed_actions:
    - READ
    - WRITE
    - 'indices:admin/refresh*'