Professional Level

Implementing Role-Based Access Control in Elasticsearch 7.13

Pricing
1 hour
  • 2 Learning Objectives

About this Hands-on Lab

With big data comes big responsibility. Protecting your data can be a financial, competitive, and legal requirement. In this hands-on lab, you will get to secure the data of an Elasticsearch cluster through the use of role-based access control.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the account_holders_read Role

From the Kibana console, create the account_holders_read role with the following restrictions:

  • Only has read access to the accounts index.
  • Only has access to the documents where mail_opt_out is false.
  • Only has access to the firstname, lastname, and email fields.
Create the accounts_mailer User

From the Kibana console, create the accounts_mailer user with the following information:

  • Full Name: Accounts Mailer
  • Email: accounts_mailer@company.com
  • Password: yUqS54J9d6nx
  • Roles: account_holders_read
Contact SalesSee Pricing

Additional Resources

Logging In to the Elastic Environment

  1. Open a new browser tab and navigate to the public IP address of the es1 node provided on the lab page (e.g., http://public_ip).
  2. Log in using the username elastic and password elastic_acg.

Lab Scenario

You work as an IT security engineer for an online banking company that has been tasked with implementing role-based access control for a service account that will be used to send periodic emails to account holders. To minimize risk as much as possible, the following role and user that is created should only grant access to the bare minimum of customer data and only email account holders who haven't opted out of receiving periodic emails.

Role: account_holders_read

  • Only has read access to the accounts index.
  • Only has access to the documents where mail_opt_out is false.
  • Only has access to the firstname, lastname, and email fields.

User: accounts_mailer

  • Full Name: Accounts Mailer
  • Email: accounts_mailer@company.com
  • Password: yUqS54J9d6nx
  • Roles: account_holders_read

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization