To authorize a custom user to manage a specific index in your cluster, you can create a role in the Kibana console and assign the role to the user. This topic describes how to create a role in the Kibana console.


An Alibaba Cloud Elasticsearch cluster is created. For more information, see Create an Elasticsearch cluster.


  1. Log on to the Kibana console of your Elasticsearch cluster.
    For more information, see Log on to the Kibana console.
  2. In the left-side navigation pane, click Management.
  3. In the Security section, click Roles.
  4. In the Roles section, click Create role.
    Create a role
    Parameter Description
    Role name The name of the role, which can be customized.
    Cluster privileges Optional. The permissions of the role. For more information, see Security privileges.
    Run As privileges Optional. The user who assumes the role. If no users are available, leave this parameter empty. You can assign the role when you create a user. For more information, see Create a user.
    Index privileges
    • Indices: the index pattern, such as heartbeat-*.
      Note If no index patterns are available, click Index Pattern in the Kibana section of the Management page and then create an index pattern as prompted.
    • Privileges: the permissions of the role on the index.
    • Granted fields (optional): Optional. The fields on which you want to grant permissions.
    Minimum privileges for all spaces The minimum permissions on all spaces. We recommend that you set the value to read. If you set the value to none, an error is reported when the user logs on to the Kibana console.
    Note You can also specify permissions for a specific space.
  5. Click Create role.