honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Amending docs on security privileges required for Watcher (elastic/x-pack-elasticsearch#1086) 

* Amending docs on security privileges required for Watcher

Previously, the watcher_user and watcher_admin roles did not exist so we documented the actual security privileges necessary. Now that these roles exist and encapsulate the security privileges, we update the documentation to refer to the roles instead.

* Breaking up sentences. Putting main content up front.

* Include triggered watches as well

* Emphasize read-only operations

Original commit: elastic/x-pack-elasticsearch@720d84557c
This commit is contained in:
Shaunak Kashyap 2017-04-19 04:21:43 -07:00 committed by GitHub
parent d8a70138cd
commit 618341db6c
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/en/watcher/getting-started.asciidoc
View File

@ -214,10 +214,13 @@ DELETE _xpack/watcher/watch/log_error_watch
[float]
[[required-security-privileges]]
=== Required Security Privileges
To use Watcher, users must have the following security privileges:
To enable users to create and manipulate watches, assign them the `watcher_admin`
security role. Watcher admins can also view watches, watch history, and triggered
watches.
* Cluster `manage` privilege. Enables users to access the Watcher APIs.
* Index `read` privilege on `.watch*` indices. Enables users to read the `.watches` and .`watcher-history-*` indices.
To allow users to view watches and the watch history, assign them the `watcher_user`
security role. Watcher users cannot create or manipulate watches; they are only
allowed to execute read-only watch operations.
[float]
[[next-steps]]