Creating Users and Assigning Roles in Elasticsearch

After you install Elasticsearch, you need to create users and assign roles to them. These users are required to validate incoming requests from PeopleSoft Search Framework. User information is maintained in the esusers.properties file, and role information is maintained in the esuserroles.properties file at ES_CONFIGPATH/.

In the PeopleSoft implementation of Elasticsearch 6.1.2, the esusers.properties and esuserroles.properties files are available at this location: ES_HOME/plugins/orcl-security-plugin/config/properties.

The following roles are delivered to perform specific operations:

  • read - to provide read-only permission.

  • admin - to perform read and administrative operations.

  • security - to access the security index.

To create users and assign roles to users, use the elasticsearchuser script available in ES_HOME/bin. You can use the script for the following purposes:

  • To add a new user or change the password for a user:

    elasticsearchuser adduser [user]

  • To assign roles to an existing user:

    elasticsearchuser addrole [user]

    Use commas to separate the roles assigned to a user.

  • To view existing users:

    elasticsearchuser listusers

  • To view roles of a user:

    elasticsearchuser listrole [user]

  • To remove a user:

    elasticsearchuser removeuser [user]

  • To encrypt the given text, for example, a password:

    elasticsearchuser encrypt [text]

    This command is used for encrypting the keystore password while configuring SSL. The password needs to be encrypted in the elasticsearch.yml configuration file.

  • To create a new key:

    elasticsearchuser buildkey

    This command creates a new key used to encrypt passwords in a text file.

For example, you may want to create a superuser with the admin and security roles assigned:

  1. elasticsearchuser adduser superuser

    Enter a password and confirm the password.

  2. elasticsearchuser addrole superuser

    Enter the password.

    Enter a comma-separated list of roles, for example: admin,security.
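
After users and roles are created, the assignments can be reviewed for least privilege. The following script is an added example, not part of the delivered tooling: it reads a hand-compiled inventory of "user:role1,role2" lines (a format assumed for this example, gathered from listusers and listrole, not the tool's own output) and reports accounts that hold both admin and security, accounts with roles other than the three delivered ones, and accounts with no roles.

```shell
#!/bin/sh
# Added example: least-privilege review of Elasticsearch role assignments.
# Input on stdin: one "user:role1,role2" line per user. This layout is an
# assumption of the example; compile it from "elasticsearchuser listusers"
# and "elasticsearchuser listrole [user]".

# Print one finding per line. Runs in a subshell so that the set -f and IFS
# changes do not leak into the caller.
review_roles() (
    set -f                                   # no globbing while splitting roles
    while IFS=: read -r user roles || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        roles=$(printf '%s' "$roles" | tr -d ' \t\r')
        [ -n "$roles" ] || { echo "NO_ROLES $user"; continue; }
        admin=0; security=0
        IFS=,                                # split the role list on commas
        for role in $roles; do
            case "$role" in
                '')       ;;                 # tolerate "admin,,security"
                read)     ;;
                admin)    admin=1 ;;
                security) security=1 ;;
                *)        echo "NOT_DELIVERED $user $role" ;;
            esac
        done
        unset IFS
        # admin plus security is the superuser combination shown above;
        # list every account that holds it so the set can be kept small.
        if [ "$admin" -eq 1 ] && [ "$security" -eq 1 ]; then
            echo "ADMIN_AND_SECURITY $user"
        fi
    done
)

# Constructed sample inventory (not real accounts).
review_roles <<'EOF'
# user:roles
superuser:admin,security
searchuser:read
batchuser:read,reports
olduser:
EOF
```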