Index management security

All index management data are protected as system indexes, and only a super admin or an admin with a Transport Layer Security (TLS) certificate can access system indexes. For more information, see System indexes.

The Security plugin comes with one role that offers full access to index management: . For a description of the role’s permissions, see Predefined roles.

Finally, with the exceptions of Create Policy, Get Policy, and Delete Policy, users also need the indices:admin/opensearch/ism/managedindex permission to execute .

(Advanced) Limit access by backend role

You can use backend roles to configure fine-grained access to index management policies and actions. For example, users of different departments in an organization might view different policies depending on what roles and permissions they are assigned.

Use the REST API to enable the following setting:

With security enabled, only users who share at least one backend role can see and execute the policies and actions relevant to their roles.