Enhancement Request for security index access in future Elasticsearch versions

[jmoon-elastic]

Description

Current use case:

Run watcher to periodically query .security* indices and ingest the user_profile.* data to a custom index for further use.

Possible limitation in the future versions:

According to the note from the GET .security*/_search query results, it is indicated that direct access to system indices may be deprecated in the future versions.

#! this request accesses system indices: [.security-7, .security-profile-8, .security-tokens-7], but in a future major version, direct access to system indices will be prevented by default

The user profile API doc also has a similar note

NOTE: The user profile feature is designed only for use by Kibana and Elastic's Observability, Enterprise Search, and Elastic Security solutions. Individual users and external applications should not call this API directly. Elastic reserves the right to change or remove this feature in future releases without prior notice.

Feature request:

Provide continued access to the .security* indices or an equivalent supported method to retrieve the same user profile information in future Elasticsearch versions since the user data plays a critical role in the existing workflow.

[elasticsearchmachine]

Pinging @elastic/es-core-infra (Team:Core/Infra)

[szybia]

best label i could find for this, original deprecation PR was under Core/Infra: #60945

(fwiw, the PR went in in 2020, so I do wonder whether this removing access to system indices will be prioritized any time soon...)

[elasticsearchmachine]

Pinging @elastic/es-security (Team:Security)

[DaveCTurner]

The eventual solution to this will not involve direct access to the .security-* indices. Instead, the security team will need to (decide whether to) expose this via dedicated API calls. I've relabelled it thusly.