Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Kibana application privileges to the reserved role docs #354

Merged
merged 2 commits into from
Jun 5, 2019
Merged

Add Kibana application privileges to the reserved role docs #354

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
80963f1
Add Kibana application privileges to the reserved role docs
droberts195 May 31, 2019
7b72917
Apply suggestions from code review
droberts195 Jun 3, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions docs/en/stack/security/authorization/built-in-roles.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,13 @@ suitable for writing beats output to {es}.

[[built-in-roles-data-frame-transforms-admin]] `data_frame_transforms_admin` ::
Grants `manage_data_frame_transforms` cluster privileges, which enable you to
manage data frames.
manage data frame transforms. This role also includes all
{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.

[[built-in-roles-data-frame-transforms-user]] `data_frame_transforms_user` ::
Grants `monitor_data_fram_transforms` cluster privileges, which enable you to
use data frames.
use data frame transforms. This role also includes all
{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.

[[built-in-roles-ingest-user]] `ingest_admin` ::
Grants access to manage *all* index templates and *all* ingest pipeline configurations.
Expand Down Expand Up @@ -92,19 +94,22 @@ suitable for use within a Logstash pipeline.
[[built-in-roles-ml-admin]] `machine_learning_admin`::
Grants `manage_ml` cluster privileges, read access to `.ml-anomalies*`,
`.ml-notifications*`, `.ml-state*`, `.ml-meta*` indices and write access to
`.ml-annotations*` indices.
`.ml-annotations*` indices. This role also includes all
{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.

[[built-in-roles-ml-user]] `machine_learning_user`::
Grants the minimum privileges required to view {ml} configuration,
status, and work with results. This role grants `monitor_ml` cluster privileges,
read access to the `.ml-notifications` and `.ml-anomalies*` indices
(which store {ml} results), and write access to `.ml-annotations*` indices.
This role also includes all {kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.

[[built-in-roles-monitoring-user]] `monitoring_user`::
Grants the minimum privileges required for any user of {monitoring} other than those
required to use {kib}. This role grants access to the monitoring indices and grants
privileges necessary for reading basic cluster information. Monitoring users should
also be assigned the `kibana_user` role.
privileges necessary for reading basic cluster information. This role also includes
all {kibana-ref}/kibana-privileges.html[Kibana privileges] for the {stack-monitor-features}.
Monitoring users should also be assigned the `kibana_user` role.

[[built-in-roles-remote-monitoring-agent]] `remote_monitoring_agent`::
Grants the minimum privileges required to write data into the monitoring indices
Expand Down