This topic provides answers to commonly asked questions about the access control of Alibaba Cloud Elasticsearch clusters.

When I use a RAM user to purchase an Elasticsearch cluster, no Virtual Private Clouds (VPCs) are available on the buy page. Why?

Check whether the RAM user has permissions to obtain the list of VPCs. For more information, see View the basic information of a RAM user. If the RAM user does not have the required permissions, grant the permissions to the RAM user. For more information, see Grant permissions to a RAM user.

If a temporary user is deleted, will Elasticsearch clusters or data that is created by the user be deleted?

If a temporary user is deleted, the Elasticsearch clusters that are created by this user will not be deleted. In addition, the changes made by this user to the Elasticsearch clusters will not be restored. Operations performed by a temporary user are equivalent to those performed by an Alibaba Cloud account.

When I use Elasticsearch, the system displays the "The specified RAM user is not authorized. Check the permission of the RAM user and try again." error message. What do I do?

Grant one of the following permissions to the RAM user. For more information, see Grant permissions to a RAM user.
  • AliyunElasticsearchReadOnlyAccess: the read-only permission to access Elasticsearch or Logstash clusters. This permission can be granted to read-only users.
  • AliyunElasticsearchFullAccess: the permission to manage Elasticsearch or Logstash clusters. This permission can be granted to administrators.

How do I create a user that has read-only permissions on resources, such as indexes, of an Elasticsearch cluster?

Create a role that has such permissions in the Kibana console. Then, assign the role to a user. For more information, see Grant permissions on indexes.

When I use a user to which the required role is assigned to log on to the Kibana console, the console displays no indexes. Only the elastic account can be used to view indexes. What do I do?

When you create a user, grant the kibana_system permission to the user.Grant the kibana_system permission