Introduction
Elasticsearch, a robust and flexible search and analytics engine, provides a comprehensive security model for managing users. This article will delve into creating and managing users in Elasticsearch, focusing on the built-in functionality provided by the security features.
Understanding Elasticsearch User Management
Elasticsearch’s security features allow you to easily manage users and their roles. Users in Elasticsearch are entities that can authenticate (to ensure that they are who they say they are) and are authorized (have the needed permissions to perform certain actions). The process of creating a user involves defining the user’s credentials and assigning appropriate roles.
Creating a User in Elasticsearch
Creating a user in Elasticsearch involves using the Elasticsearch create user API. Here is a step-by-step guide on how to create a user:
- Access the Elasticsearch API: You can access the Elasticsearch API through the command line using a tool like curl or through Kibana Dev Tools.
- Use the Create User API: The Create User API is a POST request to the _security/user/<username> endpoint. Replace <username> with the desired username.
- Define User Credentials: In the body of the POST request, define the user’s credentials. This includes the password field and optionally the roles field. The roles field defines what actions the user can perform in Elasticsearch.
Here is an example of a Create User API request:
POST _security/user/jdoe
{
  "password" : "jdoe_password",
  "roles" : [ "admin", "other_role1" ],
  "full_name" : "John Doe",
  "email" : "john.doe@example.com",
  "metadata" : {
    "intelligence" : 7
  },
  "enabled": true
}
In this example, a user named jdoe is created with the password jdoe_password. The user is assigned two roles, admin and other_role1 (the assigned roles must exist before creating the user), and additional information is provided in the full_name, email, and metadata fields.
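The same Create User request can be built in code with a generated password instead of a literal one. The Python below is an added example, not code from the original article or from Elastic; the function name build_create_user_request, the host es.example.internal and the API key value are hypothetical placeholders.

```python
import json
import secrets
import urllib.parse
import urllib.request

MIN_PASSWORD_LEN = 6  # Elasticsearch rejects passwords shorter than 6 characters


def build_create_user_request(base_url, username, roles, auth_header,
                              full_name=None, email=None, password=None):
    """Return (request, password) for POST _security/user/<username>; sends nothing."""
    if not username or username != username.strip():
        raise ValueError("username must be non-empty, no leading/trailing whitespace")
    if not all(32 <= ord(c) < 127 for c in username):
        raise ValueError("username must be printable ASCII")
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-TLS URL")

    # Generate a random password unless the caller supplies one.
    if password is None:
        password = secrets.token_urlsafe(24)
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("password too short for Elasticsearch")

    body = {"password": password, "roles": list(roles), "enabled": True}
    if full_name:
        body["full_name"] = full_name
    if email:
        body["email"] = email

    # Percent-encode the name so "/" or "?" cannot change the endpoint.
    path = "/_security/user/" + urllib.parse.quote(username, safe="")
    request = urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json", "Authorization": auth_header},
    )
    return request, password


if __name__ == "__main__":
    # Constructed sample values; the host and API key are placeholders.
    req, pw = build_create_user_request(
        "https://es.example.internal:9200", "jdoe", ["admin", "other_role1"],
        "ApiKey <base64-id:key>", full_name="John Doe", email="john.doe@example.com")
    print(req.get_method(), req.full_url)
```

Pass the returned request to urllib.request.urlopen() to send it, and hand the returned password to the user through a separate channel rather than logging it.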
Managing Users in Elasticsearch
Once a user is created, you can manage the user through the Elasticsearch API. This includes changing a user’s password, updating a user’s roles, and disabling a user.
To change a user’s password, use the Change Password API. This is a PUT request (POST is also accepted, as in the example below) to the _security/user/<username>/_password endpoint. In the body of the request, provide the new password as shown below:
POST /_security/user/jdoe/_password
{
  "password" : "new_jdoe_password"
}
To update a user’s roles, use the Update User API. This is a PUT request to the _security/user/<username> endpoint. In the body of the request, provide the updated roles as shown below:
PUT /_security/user/jdoe
{
  "roles" : [ "admin", "other_role1", "other_role2" ]
}
To disable a user, use the Disable User API as shown below:
PUT /_security/user/jdoe/_disable
Finally, to re-enable a disabled user, use the Enable User API:
PUT /_security/user/jdoe/_enable
Conclusion
In conclusion, Elasticsearch provides a comprehensive and flexible user management system. By understanding how to create and manage users, you can effectively control who has access to your Elasticsearch data and what actions they can perform.