java.lang.Object
org.elasticsearch.xpack.core.security.authz.permission.IndicesPermission

public final class IndicesPermission extends Object
A permission that is based on privileges for index-related actions executed on specific indices.
  • Field Details

  • Method Details

    • groups

      public IndicesPermission.Group[] groups()
    • allowedIndicesMatcher

      public IndicesPermission.IsResourceAuthorizedPredicate allowedIndicesMatcher(String action)
      Returns:
      A predicate that will match all the indices that this permission has the privilege for executing the given action on.
    • hasFieldOrDocumentLevelSecurity

      public boolean hasFieldOrDocumentLevelSecurity()
    • check

      public boolean check(String action)
      Checks if the permission matches the provided action, without looking at indices. To be used in very specific cases where indices actions need to be authorized regardless of their indices. The use case for this is composite actions that are initially authorized based only on the action name (indices are not checked on the coordinating node), and properly authorized later at the shard level, checking their indices as well.
    • checkResourcePrivileges

      public boolean checkResourcePrivileges(Set<String> checkForIndexPatterns, boolean allowRestrictedIndices, Set<String> checkForPrivileges, @Nullable ResourcePrivilegesMap.Builder resourcePrivilegesMapBuilder)
    • checkResourcePrivileges

      public boolean checkResourcePrivileges(Set<String> checkForIndexPatterns, boolean allowRestrictedIndices, Set<String> checkForPrivileges, boolean combineIndexGroups, @Nullable ResourcePrivilegesMap.Builder resourcePrivilegesMapBuilder)
      For the given index patterns and index privileges, determines which privileges are allowed and creates an instance of ResourcePrivilegesMap holding a map from resource to ResourcePrivileges, where the resource is an index pattern and ResourcePrivileges maps each index privilege to whether it is allowed or not.
      Parameters:
      checkForIndexPatterns - check permission grants for the set of index patterns
      allowRestrictedIndices - if true then checks permission grants even for restricted indices by index matching
      checkForPrivileges - check permission grants for the set of index privileges
      combineIndexGroups - combine index groups to enable checking against regular expressions
      resourcePrivilegesMapBuilder - out-parameter for returning the details on which privilege over which resource is granted or not. Can be null when no such details are needed so the method can return early, after encountering the first privilege that is not granted over some resource.
      Returns:
      true when all the privileges are granted over all the resources, or false otherwise
    • allowedActionsMatcher

      public org.apache.lucene.util.automaton.Automaton allowedActionsMatcher(String index)
    • authorize

      public IndicesAccessControl authorize(String action, Set<String> requestedIndicesOrAliases, ProjectMetadata metadata, FieldPermissionsCache fieldPermissionsCache)
      Authorizes the provided action against the provided indices, given the current cluster metadata.
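
The following is an added, simplified model of the checkResourcePrivileges contract documented above (details out-parameter versus early return); it is not Elasticsearch code. The Group record, the plain Map standing in for ResourcePrivilegesMap.Builder, trailing-`*`-only group patterns and exact privilege-name matching are assumptions, and restricted indices and combineIndexGroups are left out.

```java
import java.util.*;

// Simplified stand-in for the documented contract; not the Elasticsearch implementation.
public class ResourcePrivilegeCheckModel {
    // Hypothetical group: one index pattern (exact name or trailing '*') and its privileges.
    record Group(String indexPattern, Set<String> privileges) {
        // True when every index name the requested pattern can match is also matched by
        // this group's pattern (a subset check, not a single-name match).
        boolean covers(String requested) {
            if (indexPattern.endsWith("*")) {
                String prefix = indexPattern.substring(0, indexPattern.length() - 1);
                return requested.startsWith(prefix);
            }
            return indexPattern.equals(requested);
        }
    }

    // details is the out-parameter: pattern -> (privilege -> granted). It may be null.
    static boolean checkResourcePrivileges(List<Group> groups, Set<String> checkForIndexPatterns,
            Set<String> checkForPrivileges, Map<String, Map<String, Boolean>> details) {
        boolean allGranted = true;
        for (String pattern : checkForIndexPatterns) {
            for (String privilege : checkForPrivileges) {
                boolean granted = groups.stream()
                    .anyMatch(g -> g.privileges().contains(privilege) && g.covers(pattern));
                if (details != null) {
                    // Caller wants the full picture: record every result, keep going.
                    details.computeIfAbsent(pattern, k -> new TreeMap<>()).put(privilege, granted);
                } else if (!granted) {
                    return false; // no details requested: stop at the first denial
                }
                allGranted &= granted;
            }
        }
        return allGranted;
    }

    public static void main(String[] args) {
        // Constructed sample role: read on logs-*, read and write on logs-app-*.
        List<Group> groups = List.of(
            new Group("logs-*", Set.of("read")),
            new Group("logs-app-*", Set.of("read", "write")));
        Set<String> patterns = new TreeSet<>(Set.of("logs-app-*", "metrics-*"));
        Set<String> privileges = new TreeSet<>(Set.of("read", "write"));

        Map<String, Map<String, Boolean>> details = new TreeMap<>();
        System.out.println(checkResourcePrivileges(groups, patterns, privileges, details));
        System.out.println(details); // per-pattern, per-privilege breakdown
        System.out.println(checkResourcePrivileges(groups, patterns, privileges, null));
    }
}
```

Both calls return the same boolean; only the call that passes a details map learns which privilege over which pattern was denied.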