SLM action strings

margaretp · October 18, 2024, 7:30pm

I noticed a discrepancy in the action strings documented for ROR and the official Elasticsearch documentation for SLM, and I was wondering which one I should be using on my cluster.

ROR documents use cluster:admin/slm*: readonlyrest-docs/actionstrings/action_strings_es8.15.1.txt at master · beshu-tech/readonlyrest-docs · GitHub

Elastic uses manage_slm and read_slm: Security privileges | Elasticsearch Guide [8.15] | Elastic

Does manage_slm map to multiple cluster:admin/slm* actions? Will ROR accept either?

coutoPL · October 19, 2024, 4:49pm

Xpack Security and ROR are both security solutions. When you use one, you don’t need the other.

The security privileges are related to Xpack Security only. ROR doesn’t use them.

However, each Elasticsearch API request has an action assigned. You can find the list of all available actions in the link you showed. And you can restrict access to some actions (eg. cluster:admin/slm* /notice the wildcard in the action name) using the actions rule.

margaretp · October 29, 2024, 8:49pm

That makes sense, thank you very much!