This topic describes how to grant a RAM user operation permissions on Elasticsearch, such as the cluster creation and query permissions. Elasticsearch supports system and custom policies.

Prerequisites

  • A RAM user is created. For more information, see Create a RAM user.
  • A custom policy is created.
    If system policies do not meet your requirements, create a custom policy. For more information, see Create a custom policy.
    Note Elasticsearch supports the following system policies:
    • AliyunElasticsearchReadOnlyAccess: the read-only permission to access Elasticsearch or Logstash clusters. This permission can be granted to read-only users.
    • AliyunElasticsearchFullAccess: the permission to manage Elasticsearch or Logstash clusters. This permission can be granted to administrators.

Background information

This topic describes how to grant permissions to a RAM user on the Grants page of the RAM console. You can also grant permissions to a RAM user on the Users page. For more information, see Grant permissions to a RAM user.
Note

Procedure

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click Grants under Permissions.
  3. Click Grant Permission.
  4. Under Principal, enter a principal name and click the target principal.
    Note You can enter a name of the RAM user, user group, or role for a fuzzy search.
  5. In the Select Policy section, grant permissions to the principal.
    1. Select System Policy or Custom Policy.
      Add general policies
    2. Find the target policy.
      Note You can also enter the policy name in the search box to perform fuzzy search.
    3. In the Authorization Policy Name column, click the target policy.
  6. Click OK.
  7. Click Finished.

What to do next

If a RAM user no longer requires a permission, you can remove the permission for the user. For more information, see Remove permissions from a RAM user.