Elasticsearch privileges

If you implement Camunda 8 with Elasticsearch as a service provider, you must configure Elasticsearch with the following privileges in mind:

Cluster privileges

Running Elasticsearch with limited cluster privileges

If an application cannot be granted cluster privileges, the schema manager can be run as a standalone application separate from the main application. In this setup, the single application does not need cluster privileges. To learn more, see Elasticsearch without cluster privileges.

• monitor - necessary for health check
• manage_index_templates to create and manage index schema on start up, if they don't already exist in Elasticsearch.
• Optional manage_ilm - required only when ILM is enabled

To use the backup feature, you must have snapshot privileges:

• create_snapshot
• monitor_snapshot

When updating to a newer version of Camunda 8 which requires data migration, Operate requires pipelines:

• manage_pipeline

More information on cluster privileges in Elasticsearch can be found here.

Indices privileges

• create_index
• delete_index
• read
• write
• manage
• Optional manage_ilm - required only when ILM is enabled

More information on indices privileges in Elasticsearch can be found here.