| Function | Elasticsearch Role | Description |
|---|---|---|
| Document indexing (API log writing) | write | Writing log data to Elasticsearch |
| Document indexing (Audit log writing) | write | Writing audit logs to index |
| Document indexing (Token log writing) | write | Writing token logs to index |
| Document indexing (Application log writing) | write | Writing application logs to index |
| Search operations | read | Querying and searching log data |
| Get document operations | read | Reading specific documents |
| Bulk operations | write | Bulk data writing operations |

Management Operations Available in Apinizer

| Function | Elasticsearch Role | Description |
|---|---|---|
| Creating/managing Index Lifecycle Policy (ILM) | manage_ilm | Creating and managing ILM policies |
| Deleting Index Lifecycle Policy | manage_ilm | Deleting ILM policies |
| Creating/Managing Index Template | manage_index_templates | Creating and managing index templates |
| Creating new indices (with ILM/Rollover) | create_index or more comprehensive manage (index level) | Automatic or manual creation of new indices |

Monitoring Operations Available in Apinizer

| Function | Elasticsearch Role | Description |
|---|---|---|
| Cluster health check | monitor | Checking cluster health status |
| Getting cluster statistics | monitor | Reading cluster statistics |
| Getting node statistics | monitor | Reading node statistics |
| Getting thread pool statistics | monitor | Reading thread pool statistics |
| Getting index statistics | monitor | Reading index statistics |
| CPU and disk usage rates | monitor | Monitoring system resource usage |

Recommended Role Combinations
Minimum Requirements (Log Writing/Reading Only)
These minimum requirements are sufficient only for basic log writing and reading operations.
- write (to own indices)
- read (to own indices)
Recommended Minimum Requirements for Stable Use of Apinizer Screens
The following roles are required to use features such as API proxy, ILM, Index Template, Monitoring, etc.
- write (to own indices)
- read (to own indices)
- create (to own indices)
- index (to own indices)
- delete (to own indices)
- monitor (to own indices)
- manage (to own indices)
- monitor (at cluster level)
- manage_ilm (at cluster level)
- manage_index_templates (at cluster level)
Example Role Configurations
Minimum Permission Role (Log Writing/Reading to Own Index, etc.)
Important Considerations in Apinizer Elasticsearch Integration
When using the following minimum role, the Apinizer-Elasticsearch integration cannot be completed through the Apinizer interface. To complete the integration, index templates and ILM policies must be created manually by an authorized Elasticsearch user. In addition, some configurations that can normally be done through the interface (index rollover, etc.) will not be possible with these limited permissions.
curl --request PUT \
  --url '<ELASTICSEARCH_ACCESS_URL>/_security/role/apinizer_basic?pretty=' \
  --header 'Authorization: Basic <BASE64_ENCODED_AUTH>' \
  --header 'Content-Type: application/json' \
  --data '{
  "cluster": [
    "monitor"
  ],
  "indices": [
    {
      "names": ["apinizer-log-apiproxy-<INDEX_KEY>*"],
      "privileges": ["read", "write", "create", "index", "delete", "monitor"]
    }
  ]
}'
Recommended Minimum Role Requirements (with ILM, Rollover, Index Template Management)
curl --request PUT \
  --url '<ELASTICSEARCH_ACCESS_URL>/_security/role/apinizer_minimum_roles?pretty=' \
  --header 'Authorization: Basic <BASE64_ENCODED_AUTH>' \
  --header 'Content-Type: application/json' \
  --data '{
  "cluster": [
    "monitor",
    "manage_ilm",
    "manage_index_templates"
  ],
  "indices": [
    {
      "names": ["apinizer-log-apiproxy-<INDEX_KEY>*"],
      "privileges": ["read", "write", "create", "index", "delete", "monitor", "manage"]
    },
    {
      "names": [".monitoring-*", ".kibana*"],
      "privileges": ["read"]
    }
  ]
}'
Full Feature Role (All Management Operations)
curl --request PUT \
  --url '<ELASTICSEARCH_ACCESS_URL>/_security/role/apinizer_all_needed_roles?pretty=' \
  --header 'Authorization: Basic <BASE64_ENCODED_AUTH>' \
  --header 'Content-Type: application/json' \
  --data '{
  "cluster": [
    "monitor",
    "manage_ilm",
    "manage_index_templates",
    "create_snapshot",
    "monitor_snapshot"
  ],
  "indices": [
    {
      "names": ["apinizer-log-apiproxy-<INDEX_KEY>*"],
      "privileges": ["all"]
    },
    {
      "names": [".monitoring-*", ".kibana*"],
      "privileges": ["read"]
    }
  ]
}'
User Creation Example
curl --request POST \
  --url '<ELASTICSEARCH_ACCESS_URL>/_security/user/apinizer_user' \
  --header 'Authorization: Basic <BASE64_ENCODED_AUTH>' \
  --header 'Content-Type: application/json' \
  --data '{
  "password": "<PASSWORD>",
  "roles": ["apinizer_minimum_roles"],
  "full_name": "Apinizer Recommended User",
  "email": "<MAIL>"
}'
Effects of Missing Roles on Apinizer
If the Elasticsearch user that Apinizer connects with is not given full permissions, some screen features are restricted. In this case, alternative solutions are possible.

Missing Cluster Privileges

| Missing Role | Effect on Apinizer | Alternative Solution |
|---|---|---|
| monitor | Cluster health check cannot be performed; CPU/disk usage cannot be viewed; Elasticsearch status is not shown on the dashboard. | Use manual monitoring tools. |
| manage_ilm | ILM policies cannot be created from the Apinizer interface; Lifecycle management cannot be performed; Rollover operations do not work automatically. | Create ILM policies manually. |
| manage_index_templates | Index templates cannot be created from Apinizer; New indices may be created with incorrect configuration. | Define templates manually. |

Missing Index Privileges

| Missing Role | Effect on Apinizer | Alternative Solution |
|---|---|---|
| write | Log data cannot be written. API traffic is not recorded. Audit logs cannot be created. | CRITICAL - Basic functions do not work. |
| read | Log queries cannot be performed. Analytics screens remain empty. Reporting does not work. | CRITICAL - Data analysis cannot be performed. |
| create_index or more comprehensive manage | New indices cannot be created. Initial setup cannot be completed (in ILM/rollover state). | Manual index creation required |

Recommendation: Gradual Permission Granting
- Start: Establish integration with the roles you have determined.
- When Needed: Add required roles one by one.
- Test: Test the relevant Apinizer feature after each role is added.
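
An added example (not part of the Apinizer documentation): after each role change in the gradual approach above, the Apinizer user's effective privileges can be checked with Elasticsearch's `GET /_security/user/_has_privileges` API and mapped back to the effects listed in the tables. The index pattern and the sample response are constructed, and the effect strings are condensed from the tables above.

```python
import json

# Privileges checked for the page's recommended minimum role, with the effect
# the page lists when each is missing (condensed from its two tables).
CLUSTER_EFFECTS = {
    "monitor": "cluster health and CPU/disk usage not shown",
    "manage_ilm": "ILM policies and rollover must be handled manually",
    "manage_index_templates": "index templates must be defined manually",
}
INDEX_EFFECTS = {
    "write": "CRITICAL: log data cannot be written",
    "read": "CRITICAL: log queries and analytics do not work",
    "create_index": "new indices cannot be created for ILM/rollover",
}


def build_request(index_pattern):
    """Body for GET /_security/user/_has_privileges, sent as the Apinizer user."""
    return {
        "cluster": sorted(CLUSTER_EFFECTS),
        "index": [{"names": [index_pattern], "privileges": sorted(INDEX_EFFECTS)}],
    }


def missing_privileges(response):
    """Return sorted (scope, privilege, effect) tuples for every denied privilege."""
    gaps = []
    for priv, granted in response.get("cluster", {}).items():
        if not granted:
            gaps.append(("cluster", priv, CLUSTER_EFFECTS.get(priv, "unknown")))
    for pattern, privs in response.get("index", {}).items():
        for priv, granted in privs.items():
            if not granted:
                gaps.append((pattern, priv, INDEX_EFFECTS.get(priv, "unknown")))
    return sorted(gaps)


# Constructed response for a user that holds only the apinizer_basic role.
PATTERN = "apinizer-log-apiproxy-demo*"  # constructed stand-in for <INDEX_KEY>
SAMPLE_RESPONSE = json.loads("""{
  "username": "apinizer_user", "has_all_requested": false,
  "cluster": {"monitor": true, "manage_ilm": false, "manage_index_templates": false},
  "index": {"apinizer-log-apiproxy-demo*": {"read": true, "write": true, "create_index": false}}
}""")

if __name__ == "__main__":
    print(json.dumps(build_request(PATTERN), indent=2))
    for scope, priv, effect in missing_privileges(SAMPLE_RESPONSE):
        print(f"{scope}: missing {priv} -> {effect}")
```

Because `manage` implies `create_index`, a user with the recommended minimum role passes the `create_index` check without being granted it separately.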