Define User Access Control in Elasticsearch

1.5 hours
  • 2 Learning Objectives

About this Hands-on Lab

No matter what technology we are working with, we always need to be mindful of security. Big data platforms are certainly no exception, as they can contain massive amounts of sensitive data that must be protected. Elasticsearch has made securing your cluster very easy with native security configurations and tools to ensure that your data is only accessible to authorized users. One of the best and most obvious ways of securing data is through limited user access control via user authentication and authorization. In this hands-on lab, you are given the opportunity to create a role in an Elasticsearch cluster to authorize a specific level of access to some data. Then you will get to create a user who will be given the previously created role which, after authentication, will be authorized to perform any operations permitted by said role.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the monitor role.

Use the Kibana console tool to execute the following:

POST _security/role/monitor
{
  "indices": [
    { "names": ["*"], "privileges": ["read", "monitor"] }
  ]
}

Create the noc user.

Use the Kibana console tool to execute the following:

POST _security/user/noc
{
  "roles": ["monitor", "kibana_user", "monitoring_user"],
  "full_name": "Network Operations Center",
  "email": "",
  "password": "noc_566"
}

Additional Resources

You are the system administrator for a 3-node Elasticsearch cluster. In order to better support your cluster, you will have your Network Operations Center (NOC) handle all of the day-to-day monitoring of your cluster and its data so that it can quickly identify and report any perceived issues. For this, you will need to give the NOC access to the cluster, but in order to follow security best practices, you will need to give them the least amount of permissions possible to do their job.

You will need to create a new role called monitor that has read and monitor permissions to all indexes in your cluster. Then, you will need to create a new user called noc who will be given the custom monitor role in addition to the built-in roles kibana_user and monitoring_user, which are required for access to Kibana's Monitoring plugin. Beyond that, the noc user should have no further permissions to the cluster. The noc user should be created as follows:

  • Username: noc
  • Full Name: Network Operations Center
  • Email:
  • Roles: monitor, kibana_user, monitoring_user
  • Password: noc_566

Your master-1 node has a Kibana instance which can be accessed in your local web browser by navigating to the public IP address of the master-1 node over port 8080 (example: http://public_ip:8080). To log in, use the elastic user with the password elastic_566.
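
An added example, not part of the lab itself: once the noc user exists, the least-privilege requirement above can be checked by authenticating as noc and calling Elasticsearch's `_security/user/_has_privileges` API. The Python below builds that request body and audits the response; the DENIED list and both sample responses are constructed for illustration.

```python
import json

# Index privileges the lab grants through the monitor role.
EXPECTED = ("read", "monitor")
# Privileges noc must NOT hold. This list is an assumption chosen for the
# example; each entry is a real Elasticsearch index privilege name.
DENIED = ("write", "delete", "create_index", "delete_index", "manage", "all")


def build_has_privileges_body(index_pattern="*"):
    """Body for POST _security/user/_has_privileges, sent while authenticated as noc."""
    return {"index": [{"names": [index_pattern],
                       "privileges": list(EXPECTED + DENIED)}]}


def audit(response, index_pattern="*"):
    """Return (missing, excess) privilege lists from a _has_privileges response."""
    granted = response.get("index", {}).get(index_pattern, {})
    missing = [p for p in EXPECTED if not granted.get(p, False)]
    excess = [p for p in DENIED if granted.get(p, False)]
    return missing, excess


# Constructed sample response (not captured from a real cluster).
GOOD = json.loads("""{"username": "noc", "has_all_requested": false, "cluster": {},
 "index": {"*": {"read": true, "monitor": true, "write": false, "delete": false,
 "create_index": false, "delete_index": false, "manage": false, "all": false}},
 "application": {}}""")

# Constructed drift case: the same user after the role was widened to allow write.
DRIFTED = json.loads(json.dumps(GOOD))
DRIFTED["index"]["*"]["write"] = True

if __name__ == "__main__":
    print(json.dumps(build_has_privileges_body(), indent=2))
    for name, resp in (("good", GOOD), ("drifted", DRIFTED)):
        missing, excess = audit(resp)
        print(name, "missing:", missing, "excess:", excess)
```

A non-empty `excess` list means the role or the user's role assignments grant more than the lab's requirement allows; a non-empty `missing` list means the NOC cannot do its monitoring job.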

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
