From 6b5dff354aba8e4b1a5e4db1af8b17bed120c2f8 Mon Sep 17 00:00:00 2001 From: David Roberts Date: Wed, 5 Jun 2019 16:31:02 +0100 Subject: [PATCH] Add Kibana application privileges to the reserved role docs (#354) Users who create roles that are similar to the reserved roles need to know about these. The privileges were added to the reserved roles in elastic/elasticsearch#40651 and elastic/elasticsearch#42757 Co-Authored-By: Lisa Cawley --- .../authorization/built-in-roles.asciidoc | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/en/stack/security/authorization/built-in-roles.asciidoc b/docs/en/stack/security/authorization/built-in-roles.asciidoc index ec8764d6b..a7e74d143 100644 --- a/docs/en/stack/security/authorization/built-in-roles.asciidoc +++ b/docs/en/stack/security/authorization/built-in-roles.asciidoc @@ -39,11 +39,13 @@ suitable for writing beats output to {es}. [[built-in-roles-data-frame-transforms-admin]] `data_frame_transforms_admin` :: Grants `manage_data_frame_transforms` cluster privileges, which enable you to -manage data frames. +manage data frame transforms. This role also includes all +{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}. [[built-in-roles-data-frame-transforms-user]] `data_frame_transforms_user` :: Grants `monitor_data_fram_transforms` cluster privileges, which enable you to -use data frames. +use data frame transforms. This role also includes all +{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}. [[built-in-roles-ingest-user]] `ingest_admin` :: Grants access to manage *all* index templates and *all* ingest pipeline configurations. @@ -92,19 +94,22 @@ suitable for use within a Logstash pipeline. [[built-in-roles-ml-admin]] `machine_learning_admin`:: Grants `manage_ml` cluster privileges, read access to `.ml-anomalies*`, `.ml-notifications*`, `.ml-state*`, `.ml-meta*` indices and write access to -`.ml-annotations*` indices. +`.ml-annotations*` indices. This role also includes all +{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}. [[built-in-roles-ml-user]] `machine_learning_user`:: Grants the minimum privileges required to view {ml} configuration, status, and work with results. This role grants `monitor_ml` cluster privileges, read access to the `.ml-notifications` and `.ml-anomalies*` indices (which store {ml} results), and write access to `.ml-annotations*` indices. +This role also includes all {kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}. [[built-in-roles-monitoring-user]] `monitoring_user`:: Grants the minimum privileges required for any user of {monitoring} other than those required to use {kib}. This role grants access to the monitoring indices and grants -privileges necessary for reading basic cluster information. Monitoring users should -also be assigned the `kibana_user` role. +privileges necessary for reading basic cluster information. This role also includes +all {kibana-ref}/kibana-privileges.html[Kibana privileges] for the {stack-monitor-features}. +Monitoring users should also be assigned the `kibana_user` role. [[built-in-roles-remote-monitoring-agent]] `remote_monitoring_agent`:: Grants the minimum privileges required to write data into the monitoring indices