This topic provides answers to some frequently asked questions about the access control of Alibaba Cloud Elasticsearch clusters.

When I use a RAM user to purchase an Elasticsearch cluster, no VPCs are available on the buy page. Why?

Check whether the RAM user has the permissions to obtain the list of virtual private clouds (VPCs). For more information, see View the basic information about a RAM user. If the RAM user does not have the required permissions, grant the permissions to the RAM user. For more information, see Create a custom policy.

If a temporary user is deleted, will Elasticsearch clusters that are created by the user or data that is inserted by the user be deleted?

If a temporary user is deleted, the Elasticsearch clusters that are created by this user will not be deleted. In addition, the changes made by this user to the Elasticsearch clusters will not be restored. Operations performed by a temporary user are equivalent to those performed by an Alibaba Cloud account.

When I use Elasticsearch, the error message "The specified RAM user is not authorized. Check the permission of the RAM user and try again." is displayed. What do I do?

Grant the required permissions to the RAM user. For more information, see Create a custom policy. You can also grant one of the following permissions to the RAM user:
  • AliyunElasticsearchReadOnlyAccess: the read-only permissions on Elasticsearch or Logstash clusters. This policy can be attached to read-only users.
  • AliyunElasticsearchFullAccess: the management permissions on Elasticsearch or Logstash clusters. This policy can be attached to administrators.

How do I create a user that has read-only permissions on resources, such as indexes, of an Elasticsearch cluster?

Create a role that has such permissions in the Kibana console. Then, assign the role to a user. For more information, see Use the RBAC mechanism provided by Elasticsearch X-Pack to implement access control.

When I use a user to which the required role is assigned to log on to the Kibana console, the console displays no indexes. Only the elastic account can be used to view indexes. What do I do?

When you create a user, grant the kibana_system permission to the user. For more information, see Use the RBAC mechanism provided by Elasticsearch X-Pack to implement access control. Grant the kibana_system permission