User and permission management

Lindorm Search Engine lets you create and delete users and grant or revoke permissions using API operations. The available permissions are READ, WRITE, and ADMIN, and they can be applied at either the GLOBAL or TABLE (index) scope. This topic describes how to manage users and their permissions in Lindorm Search Engine.

Precautions

The user and permission management feature of Lindorm Search Engine is in public preview. To use this feature, contact Lindorm technical support on DingTalk using the ID s0s3eg3.

User management

When you activate Lindorm Search Engine, a default user is automatically created with a default username and password. This user has global administrative (GLOBAL ADMIN) permissions. For more information about how to retrieve the default username and password, see View connection information.

Important

Only users with global administrative permissions can create or delete users, and grant or revoke permissions.

Create a user

Syntax

PUT _plugins/_security/api/user/<username>

Parameter description

| Parameter type | Parameter name | Description |
| --- | --- | --- |
| Path parameter | username | The username for the new user. |
| Request body parameter | password | The password for the new user. The format is "password": "<new user's password>". |

Important

New users are created without any permissions. A user with global administrative (GLOBAL ADMIN) permissions must assign permissions to the new user. After permissions are granted, the server accepts and executes requests from the user that fall within the assigned permission scope. For more information about how to grant permissions, see Permission management.

Example

PUT _plugins/_security/api/user/newuser
{
  "password": "test***"
}

Result validation

Retrieve the user list to verify that the user was created. For more information, see Get the user list.

Change a password

Syntax

PUT _plugins/_security/api/account

Parameter description

| Parameter type | Parameter name | Description |
| --- | --- | --- |
| Request body parameter | user | The username of the user whose password you want to change. The format is "user": "<username>". |
| Request body parameter | password | The new password. The format is "password": "<new password>". |

Example

PUT _plugins/_security/api/account
{
  "user": "newuser",
  "password": "newpassword"
}

Get the user list

Syntax

GET _plugins/_security/api/user

Example

GET _plugins/_security/api/user

Get details of a specific user

Syntax

GET _plugins/_security/api/user/<username>

Parameter description

| Parameter type | Parameter name | Description |
| --- | --- | --- |
| Path parameter | username | The user whose details you want to get. |

Example

GET _plugins/_security/api/user/newuser

Delete a user

Syntax

DELETE _plugins/_security/api/user/<username>

Parameter description

| Parameter type | Parameter name | Description |
| --- | --- | --- |
| Path parameter | username | The user to delete. |

Example

DELETE _plugins/_security/api/user/newuser

Result validation

Retrieve the user list to verify that the user was deleted. For more information, see Get the user list.

Permission management

Lindorm Search Engine supports three types of permissions: READ, WRITE, and ADMIN. You can also specify a scope for these permissions.

Permission scope

Description

GLOBAL

  • READ: Global read permission.

  • WRITE: Global write permission.

  • ADMIN: All global permissions. This permission lets a user read and write all indexes, run Data Definition Language (DDL) operations on indexes, and manage other users.

TABLE

  • READ: Index read permission.

  • WRITE: Index write permission.

  • ADMIN: Index management permission, which includes DDL permissions such as creating and deleting indexes.

Manage user permissions

Syntax

POST _plugins/_security/api/user/<username>

Important

Only Lindorm Search Engine V3.8.3 and later support POST requests. For more information about how to view or upgrade your current version, see Search Engine version guide and Minor version update.

Parameter description

Path parameter

username: The user to grant or revoke permissions for.

Request body parameters

| Parameter | Required | Description |
| --- | --- | --- |
| op | Yes | Specifies the operation to perform. The format is "op": "<supported value>". Valid values: add (grants a permission) and revoke (revokes a permission). |
| scope | No | Specifies the scope for the permission operation. Currently, only GLOBAL is supported, which means the permission applies globally. The format is "scope": "GLOBAL". For more information, see Example 1. |
| table | No | Specifies the index for which to grant or revoke permissions. The format is "table": "<index name>". For more information, see Example 2. |
| actions | Yes | The permissions to grant or revoke. The format is "actions": ["<supported value>"]. Valid values: READ (read permission), WRITE (write permission), and ADMIN (index management permission, for example creating indexes, deleting indexes, and changing index mappings). For more information, see Examples. |

Important

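The scope and table parameters both define the permission scope. Use only one of these parameters in your request. As the examples show, scope, table, and actions are placed inside the permissions object of the request body.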

Examples

  • Example 1: Grant global administrative permissions to the user test.

    POST _plugins/_security/api/user/test
    {
      "op": "add", 
      "permissions": {
        "scope": "GLOBAL",
        "actions": ["ADMIN"]
      }
    }
  • Example 2: Grant read and write permissions on the index1 index to the user test.

    POST _plugins/_security/api/user/test
    {
      "op": "add", 
      "permissions": {
        "table": "index1",
        "actions": ["READ", "WRITE"]
      }
    }
  • Example 3: Revoke the read permission on the index1 index from the user test.

    POST _plugins/_security/api/user/test
    {
      "op": "revoke", 
      "permissions": {
        "table": "index1",
        "actions": ["READ"]
      }
    }

Result validation

To verify that the operation was successful, view the permissions of the test user. For more information, see Get details of a specific user.
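
The request-body rules in this section (valid op and actions values, exactly one of scope or table, GLOBAL as the only scope value) can be checked before a grant or revoke request is sent. The following Python is an added example, not part of the Lindorm documentation; the function names build_permission_request and needs_review and the username path check are assumptions introduced here.

```python
import json

VALID_OPS = {"add", "revoke"}
VALID_ACTIONS = {"READ", "WRITE", "ADMIN"}


def build_permission_request(username, op, actions, scope=None, table=None):
    """Return (method, path, body) for a grant/revoke call, or raise ValueError."""
    # Added precaution (not a rule from this page): keep the name to one path segment.
    if not username or "/" in username:
        raise ValueError("username must be a non-empty single path segment")
    if op not in VALID_OPS:
        raise ValueError(f"op must be one of {sorted(VALID_OPS)}")
    if not actions or not set(actions) <= VALID_ACTIONS:
        raise ValueError(f"actions must be a non-empty subset of {sorted(VALID_ACTIONS)}")
    # scope and table both define the permission scope: exactly one is allowed.
    if (scope is None) == (table is None):
        raise ValueError("set exactly one of scope or table")
    if scope is not None and scope != "GLOBAL":
        raise ValueError("the only supported scope value is GLOBAL")
    if table is not None and not table:
        raise ValueError("table must be a non-empty index name")
    target = {"scope": scope} if scope is not None else {"table": table}
    body = {"op": op, "permissions": {**target, "actions": sorted(set(actions))}}
    return "POST", f"_plugins/_security/api/user/{username}", body


def needs_review(body):
    """True when a request grants GLOBAL ADMIN, which includes managing other users."""
    perms = body["permissions"]
    return (body["op"] == "add" and perms.get("scope") == "GLOBAL"
            and "ADMIN" in perms["actions"])


if __name__ == "__main__":
    # Constructed sample input: the three examples from this page.
    for args in [("test", "add", ["ADMIN"], "GLOBAL", None),
                 ("test", "add", ["READ", "WRITE"], None, "index1"),
                 ("test", "revoke", ["READ"], None, "index1")]:
        method, path, body = build_permission_request(*args)
        flag = "  # review: GLOBAL ADMIN grant" if needs_review(body) else ""
        print(f"{method} {path}{flag}\n{json.dumps(body, indent=2)}")
```

The functions only build and check the request; sending it with the credentials of a GLOBAL ADMIN user is left to the HTTP client you already use.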