From 618341db6cef0e71151a7d10f9b611d944686b8c Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 19 Apr 2017 04:21:43 -0700 Subject: [PATCH] Amending docs on security privileges required for Watcher (elastic/x-pack-elasticsearch#1086) * Amending docs on security privileges required for Watcher Previously, the watcher_user and watcher_admin roles did not exist so we documented the actual security privileges necessary. Now that these roles exist and encapsulate the security privileges, we update the documentation to refer to the roles instead. * Breaking up sentences. Putting main content up front. * Include triggered watches as well * Emphasize read-only operations Original commit: elastic/x-pack-elasticsearch@720d84557cdf06e104c8afd11dbd2a462379a7dc --- docs/en/watcher/getting-started.asciidoc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/en/watcher/getting-started.asciidoc b/docs/en/watcher/getting-started.asciidoc index 45b084e88e0..3ce5835404d 100644 --- a/docs/en/watcher/getting-started.asciidoc +++ b/docs/en/watcher/getting-started.asciidoc @@ -214,10 +214,13 @@ DELETE _xpack/watcher/watch/log_error_watch [float] [[required-security-privileges]] === Required Security Privileges -To use Watcher, users must have the following security privileges: +To enable users to create and manipulate watches, assign them the `watcher_admin` +security role. Watcher admins can also view watches, watch history, and triggered +watches. -* Cluster `manage` privilege. Enables users to access the Watcher APIs. -* Index `read` privilege on `.watch*` indices. Enables users to read the `.watches` and .`watcher-history-*` indices. +To allow users to view watches and the watch history, assign them the `watcher_user` +security role. Watcher users cannot create or manipulate watches; they are only +allowed to execute read-only watch operations. [float] [[next-steps]]
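Review bot: In the added `watcher_user` paragraph, "read-only watch operations" is never defined, and the paragraph lists only watches and the watch history while the `watcher_admin` paragraph also lists triggered watches. If that difference between the roles is intentional, state it explicitly; otherwise align the two lists. The removed bullets were the only place in this section that named the underlying privileges (cluster `manage`, index `read` on `.watch*`), so readers who build custom least-privilege roles instead of assigning the built-in ones now have no reference here. Consider adding a cross-reference to where the `watcher_admin` and `watcher_user` role definitions are documented. "Manipulate" in both paragraphs would also be clearer if replaced with the concrete operations it covers.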