Elasticsearch Disable Users

“As an Elasticsearch administrator, you will encounter instances where you need to disable specific users in the native realm. This allows you to revoke a user’s access to the Elasticsearch cluster without deleting the account.”

This short tutorial will teach you how to disable or enable a user in Elasticsearch using the native API.

Let’s dive in.

Elasticsearch Create User

Before diving into how to enable and disable user access, let us start by creating a sample user for illustration purposes.

Consider the example shown below:

curl -XPOST "http://localhost:9200/_security/user/kafka" -H "kbn-xsrf: reporting" -H "Content-Type: application/json" -d'
{
  "password" : "password",
  "roles" : [ "superuser", "watcher" ],
  "full_name" : "Apache Kakfa",
  "metadata" : {
    "access_level" : "restricted"
  }
}'

The request above creates a user with the username “kafka” and the specified details. You can check our tutorial on creating Elasticsearch users to learn more.

The query above should return:

{
  "created": true
}

Once we have the user created, we can proceed to learn how to enable or disable users in the cluster.

Method 1 – Enable or Disable Users During Creation

The create user API allows us to enable or disable a user during creation by setting the enabled parameter in the request body.

For example, to create a disabled user, we can run the query:

curl -XPOST "http://localhost:9200/_security/user/kafka" -H "kbn-xsrf: reporting" -H "Content-Type: application/json" -d'
{
  "password" : "password",
  "roles" : [ "superuser", "watcher" ],
  "full_name" : "Apache Kakfa",
  "enabled": false,
  "metadata" : {
    "access_level" : "restricted"
  }
}'

In the example, we create a user account with a disabled state as defined in the enabled: false parameter.

We can verify this by fetching the details of the specified user as shown:

curl -XGET "http://localhost:9200/_security/user/kafka" -H "kbn-xsrf: reporting"

The resulting output is as shown:

{
  "kafka": {
    "username": "kafka",
    "roles": [
      "superuser",
      "watcher"
    ],
    "full_name": "Apache Kakfa",
    "email": null,
    "metadata": {
      "access_level": "restricted"
    },
    "enabled": false
  }
}

Method 2 – Disable Existing User

To disable an existing user, we can use the disable users API. The request syntax is as shown:

PUT /_security/user/<username>/_disable

For example, suppose we have a user with the username “linuxhint.” We can disable the user by running the query as shown:

curl -XPUT "http://localhost:9200/_security/user/linuxhint/_disable" -H "kbn-xsrf: reporting"

This disables the user with the specified username.

We can confirm by fetching the details of the specified account:

curl -XGET "http://localhost:9200/_security/user/linuxhint" -H "kbn-xsrf: reporting"

The resulting output should show "enabled": false for the account.

Elasticsearch Enable User

To enable an already disabled user, we can use the enable users API. The request syntax is as shown:

PUT /_security/user/<username>/_enable

For example, to enable the linuxhint user, we can run:

curl -XPUT "http://localhost:9200/_security/user/linuxhint/_enable" -H "kbn-xsrf: reporting"

Fetch user details:

curl -XGET "http://localhost:9200/_security/user/linuxhint" -H "kbn-xsrf: reporting"

The output should now show "enabled": true for the account.
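The disable, enable and fetch steps above can be combined into a single check that fails loudly when the flag did not actually change. This is an added example, not code from the original article: the helper names (basic_auth_sender, fake_cluster, set_user_enabled) are hypothetical, sending basic-auth credentials is an assumption the curl commands above do not show, and fake_cluster is a constructed in-memory stand-in so the code runs without a cluster.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request


def basic_auth_sender(user, password):
    """Return send(method, url) -> (status, body) for a real cluster (assumed basic auth)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def send(method, url):
        req = urllib.request.Request(url, method=method)
        req.add_header("Authorization", "Basic " + token)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:
            return err.code, json.loads(err.read() or b"{}")
    return send


def fake_cluster(users):
    """Constructed in-memory stand-in for a cluster, so the example runs offline."""
    def send(method, url):
        name, _, action = url.split("/_security/user/", 1)[1].partition("/")
        if name not in users:
            return 404, {}
        if method == "PUT":
            users[name]["enabled"] = action == "_enable"
            return 200, {}
        return 200, {name: dict(users[name])}
    return send


def set_user_enabled(base_url, username, enabled, send):
    """PUT _enable or _disable, then GET the user and confirm the flag."""
    name = urllib.parse.quote(username, safe="")  # keep the name a single path segment
    user_url = f"{base_url.rstrip('/')}/_security/user/{name}"
    action = "_enable" if enabled else "_disable"
    status, body = send("PUT", f"{user_url}/{action}")
    if status != 200:
        raise RuntimeError(f"{action} failed for {username!r}: HTTP {status}")
    status, body = send("GET", user_url)
    if status != 200 or username not in body:
        raise LookupError(f"{username!r} not returned: HTTP {status}")
    if body[username].get("enabled") is not enabled:
        raise RuntimeError(f"{username!r} is still enabled={not enabled}")
    return body[username]
```

Against a real cluster, pass basic_auth_sender(user, password) as the send argument in place of fake_cluster(...).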

Conclusion

In this article, you learned various ways to enable or disable users in an Elasticsearch cluster.

Thanks for reading!!

About the author

John Otieno
