[DOCS] Document machine_learning_admin and machine_learning_user roles (elastic/x-pack-elasticsearch#1132)

* [DOCS] Document machine_learning_admin and machine_learning_user roles

* [DOCS] Fix auth requrements for ML result APIs

* [DOCS] Update authorization.asciidoc based on elastic/x-pack-elasticsearch#1132

Original commit: elastic/x-pack-elasticsearch@1bf563e8d7
This commit is contained in:
Lisa Cawley 2017-04-20 08:45:30 -07:00 committed by GitHub
parent 50dff91a3a
commit bf110ba05e
5 changed files with 36 additions and 14 deletions

View File

@ -16,7 +16,10 @@ results from a job.
This API presents a chronological view of the records, grouped by bucket.
You must have `monitor_ml`, `monitor`, `manage_ml`, or `manage` cluster
privileges to use this API. For more information, see <<privileges-list-cluster>>.
privileges to use this API. You also need `read` index privilege on the index
that stores the results. The `machine_learning_admin` and `machine_learning_user`
roles provide these privileges. For more information, see
<<security-privileges>> and <<built-in-roles>>.
===== Path Parameters

View File

@ -14,7 +14,10 @@ about the categories in the results for a job.
===== Description
You must have `monitor_ml`, `monitor`, `manage_ml`, or `manage` cluster
privileges to use this API. For more information, see <<privileges-list-cluster>>.
privileges to use this API. You also need `read` index privilege on the index
that stores the results. The `machine_learning_admin` and `machine_learning_user`
roles provide these privileges. For more information, see
<<security-privileges>> and <<built-in-roles>>.
===== Path Parameters

View File

@ -12,7 +12,10 @@ in a job.
===== Description
You must have `monitor_ml`, `monitor`, `manage_ml`, or `manage` cluster
privileges to use this API. For more information, see <<privileges-list-cluster>>.
privileges to use this API. You also need `read` index privilege on the index
that stores the results. The `machine_learning_admin` and `machine_learning_user`
roles provide these privileges. For more information, see
<<security-privileges>> and <<built-in-roles>>.
===== Path Parameters

View File

@ -12,7 +12,10 @@ The get records API enables you to retrieve anomaly records for a job.
===== Description
You must have `monitor_ml`, `monitor`, `manage_ml`, or `manage` cluster
privileges to use this API. For more information, see <<privileges-list-cluster>>.
privileges to use this API. You also need `read` index privilege on the index
that stores the results. The `machine_learning_admin` and `machine_learning_user`
roles provide these privileges. For more information, see
<<security-privileges>> and <<built-in-roles>>.
===== Path Parameters

View File

@ -132,6 +132,17 @@ stats.
Grants write access to the `.watches` index, read access to the watch history and
the triggered watches index and allows to execute all watcher actions.
[[built-in-roles-ml-admin]]
`machine_learning_admin`::
Grants `manage_ml` cluster privileges and read access to the `.ml-*` indices.
[[built-in-roles-ml-user]]
`machine_learning_user`::
Grants the minimum privileges required to view {xpack} {ml} configuration,
status, and results. This role grants `monitor_ml` cluster privileges and
read access to the `.ml-notifications` and `.ml-anomalies*` indices,
which store {ml} results.
[[defining-roles]]
=== Defining Roles
@ -409,4 +420,3 @@ include::authorization/field-and-document-access-control.asciidoc[]
include::authorization/run-as-privilege.asciidoc[]
include::authorization/custom-roles-provider.asciidoc[]