elasticsearch/docs/reference/security/operator-privileges/index.asciidoc

[role="xpack"]
[[operator-privileges]]
== Operator privileges

NOTE: {cloud-only}

With a typical {es} deployment, people who administer the cluster also operate
the cluster at the infrastructure level. User authorization based on
<<authorization,role-based access control (RBAC)>> is effective and reliable for
this environment. However, in more managed environments, such as
{ess-trial}[{ess}], there is a distinction between the operator of the cluster
infrastructure and the administrator of the cluster. 

Operator privileges limit some functionality to operator users _only_. Operator
users are just regular {es} users with access to specific
<<operator-only-functionality,operator-only functionality>>. These
privileges are not available to cluster administrators, even if they log in as
a highly privileged user such as the `elastic` user or another user with the
`superuser` role. By limiting system access, operator privileges enhance the
{es} security model while safeguarding user capabilities.

Operator privileges are enabled on {ecloud}, which means that some 
infrastructure management functionality is restricted and cannot be accessed by
your administrative users. This capability protects your cluster from unintended 
infrastructure changes.

include::configure-operator-privileges.asciidoc[]

include::operator-only-functionality.asciidoc[]

include::operator-only-snapshot-and-restore.asciidoc[]
Documentation for operator privileges (#68964) Add documentation for operator privilegs. The docs cover features delivered by phase 1 (#65256) and 2 (#66684). Co-authored-by: Tim Vernum <tim@adjective.org> Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: Adam Locke <adam.locke@elastic.co> 2021-03-10 13:20:05 +08:00			`[role="xpack"]`
			`[[operator-privileges]]`
			`== Operator privileges`

[DOCS] Replace hard-coded admons with cloud-only attribute (#70864) 2021-03-25 21:21:35 +08:00			`NOTE: {cloud-only}`
Documentation for operator privileges (#68964) Add documentation for operator privilegs. The docs cover features delivered by phase 1 (#65256) and 2 (#66684). Co-authored-by: Tim Vernum <tim@adjective.org> Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: Adam Locke <adam.locke@elastic.co> 2021-03-10 13:20:05 +08:00
			`With a typical {es} deployment, people who administer the cluster also operate`
			`the cluster at the infrastructure level. User authorization based on`
			`<<authorization,role-based access control (RBAC)>> is effective and reliable for`
			`this environment. However, in more managed environments, such as`
			`{ess-trial}[{ess}], there is a distinction between the operator of the cluster`
			`infrastructure and the administrator of the cluster.`

[DOCS] Expand operator privileges explanation for users and roles (#82893) * [DOCS] Expand operator privileges explanation for users and roles * Clarify when to use the elastic user 2022-01-28 01:38:16 +08:00			`Operator privileges limit some functionality to operator users _only_. Operator`
			`users are just regular {es} users with access to specific`
Documentation for operator privileges (#68964) Add documentation for operator privilegs. The docs cover features delivered by phase 1 (#65256) and 2 (#66684). Co-authored-by: Tim Vernum <tim@adjective.org> Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: Adam Locke <adam.locke@elastic.co> 2021-03-10 13:20:05 +08:00			`<<operator-only-functionality,operator-only functionality>>. These`
			`privileges are not available to cluster administrators, even if they log in as`
			a highly privileged user such as the `elastic` user or another user with the
[DOCS] Expand operator privileges explanation for users and roles (#82893) * [DOCS] Expand operator privileges explanation for users and roles * Clarify when to use the elastic user 2022-01-28 01:38:16 +08:00			`superuser` role. By limiting system access, operator privileges enhance the
			`{es} security model while safeguarding user capabilities.`
Documentation for operator privileges (#68964) Add documentation for operator privilegs. The docs cover features delivered by phase 1 (#65256) and 2 (#66684). Co-authored-by: Tim Vernum <tim@adjective.org> Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: Adam Locke <adam.locke@elastic.co> 2021-03-10 13:20:05 +08:00
[DOCS] Expand operator privileges explanation for users and roles (#82893) * [DOCS] Expand operator privileges explanation for users and roles * Clarify when to use the elastic user 2022-01-28 01:38:16 +08:00			`Operator privileges are enabled on {ecloud}, which means that some`
			`infrastructure management functionality is restricted and cannot be accessed by`
			`your administrative users. This capability protects your cluster from unintended`
			`infrastructure changes.`
Documentation for operator privileges (#68964) Add documentation for operator privilegs. The docs cover features delivered by phase 1 (#65256) and 2 (#66684). Co-authored-by: Tim Vernum <tim@adjective.org> Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: Adam Locke <adam.locke@elastic.co> 2021-03-10 13:20:05 +08:00
			`include::configure-operator-privileges.asciidoc[]`

			`include::operator-only-functionality.asciidoc[]`

			`include::operator-only-snapshot-and-restore.asciidoc[]`