This version of the OpenSearch documentation is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

Default action groups

This page catalogs all default action groups. Often, the most coherent way to create new action groups is to use a combination of these default groups and individual permissions.

General

NameDescription
unlimitedGrants complete access. Can be used on an cluster- or index-level. Equates to “*”.

Cluster-level

NameDescription
cluster_allGrants all cluster permissions. Equates to cluster:.
cluster_monitorGrants all cluster monitoring permissions. Equates to cluster:monitor/.
cluster_composite_ops_roGrants read-only permissions to execute requests like mget, msearch, or mtv, plus permissions to query for aliases.
cluster_composite_opsSame as CLUSTER_COMPOSITE_OPS_RO, but also grants bulk permissions and all aliases permissions.
manage_snapshotsGrants permissions to manage snapshots and repositories.
cluster_manage_pipelinesGrants permissions to manage ingest pipelines.
cluster_manage_index_templatesGrants permissions to manage index templates.

Index-level

NameDescription
indices_allGrants all permissions on the index. Equates to indices:.
getGrants permissions to use get and mget actions only.
readGrants read permissions such as search, get field mappings, get, and mget.
writeGrants permissions to create and update documents within existing indices. To create new indices, see create_index.
deleteGrants permissions to delete documents.
crudCombines the read, write, and delete action groups. Included in the data_access action group.
searchGrants permissions to search documents. Includes suggest.
suggestGrants permissions to use the suggest API. Included in the read action group.
create_indexGrants permissions to create indices and mappings.
indices_monitorGrants permissions to execute all index monitoring actions (e.g. recovery, segments info, index stats, and status).
indexA more limited version of the write action group.
data_accessCombines the crud action group with indices:data/.
manage_aliasesGrants permissions to manage aliases.
manageGrants all monitoring and administration permissions for indices.