Elastic
Loading

Cluster or deployment users

ECE ECK Elastic Cloud Hosted Self Managed

To prevent unauthorized access to your Elastic resources, you need a way to identify users and validate that a user is who they claim to be (authentication), and control what data users can access and what tasks they can perform (authorization).

In this section, you’ll learn how to set up authentication and authorization at the cluster or deployment level, and learn about the underlying security technologies that Elasticsearch uses to authenticate and authorize requests internally and across services.

This section only covers direct access to and communications with an Elasticsearch cluster - sometimes known as a deployment - as well as the related Kibana instance. To learn about managing access to your Elastic Cloud organization or Elastic Cloud Enterprise orchestrator, or to learn how to use single sign-on to access a cluster using your Elastic Cloud credentials, refer to Manage users and roles.

If you plan to use native Elasticsearch user and role management, then follow our quickstart to learn how to set up basic authentication and authorization features, including spaces, roles, and native users.

Set up methods to identify users to the Elasticsearch cluster.

Key tasks for managing user authentication include:

You can also learn the basics of Elasticsearch authentication, learn about accounts used to communicate within an Elasticsearch cluster and across services, and perform advanced tasks.

View all user authentication docs

After a user is authenticated, use role-based access control to determine whether the user behind an incoming request is allowed to execute the request.

Key tasks for managing user authorization include:

You can also learn the basics of Elasticsearch authorization, and perform advanced tasks.

Tip

User roles are also used to control access to Kibana spaces.

View all user authorization docs