[DOCS] CCS no longer needs local *:* permission (elastic/x-pack-elasticsearch#2445)

Original commit: elastic/x-pack-elasticsearch@fb7f6eaeb2
2017-09-08 08:41:32 -07:00 · 2017-09-08 08:41:32 -07:00 · 27a8041804
parent 51603620ee
commit 27a8041804
1 changed files with 4 additions and 13 deletions
--- a/docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc
+++ b/docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc
@ -16,7 +16,7 @@ roles against its local role definitions to determine which indices the user
 is allowed to access.


- [WARNING]
+[WARNING]
 This feature was added as Beta in Elasticsearch `v5.3` with further
 improvements made in 5.4 and 5.5. It requires gateway eligible nodes to be on
 `v5.5` onwards.
@ -86,22 +86,12 @@ PUT _cluster_settings
 Next, set up a role called `cluster_two_logs` on both cluster `one` and
 cluster `two`.

-On cluster `one`, this role allows the user to query any indices on remote clusters:
+On cluster `one`, this role does not need any special privileges:

 [source,js]
 -----------------------------------------------------------
 POST /_xpack/security/role/cluster_two_logs
 {
-  "indices": [
-    {
-      "names": [
-        "*:*"
-      ],
-      "privileges": [
-        "read"
-      ]
-    }
-  ]
 }
 -----------------------------------------------------------

@ -155,5 +145,6 @@ GET two:logs-2017.04/_search <1>
  }
 }
 -----------------------------------------------------------
+//TBD: Is there a missing description of the <1> callout above?

-include::{xkb-repo-dir}/security/cross-cluster-kibana.asciidoc[]
+include::{xkb-repo-dir}/security/cross-cluster-kibana.asciidoc[]