OpenSearch/elasticsearch/x-pack/shield/config/xpack/roles.yml

admin:
  cluster:
    - all
  indices:
    - names: '*'
      privileges:
        - all

# monitoring cluster privileges
# All operations on all indices
power_user:
  cluster:
    - monitor
  indices:
    - names: '*'
      privileges:
        - all

# Read-only operations on indices
user:
  indices:
    - names: '*'
      privileges:
        - read

# Defines the required permissions for transport clients
transport_client:
  cluster:
      - transport_client

# The required permissions for the kibana 4 server
kibana4_server:
  cluster:
      - monitor
  indices:
    - names: '.kibana'
      privileges:
        - all

# The required role for logstash users
logstash:
  cluster:
    - manage_index_templates
  indices:
    - names: 'logstash-*'
      privileges:
        - write
        - read
        - create_index

# Marvel user role. Assign to marvel users.
monitoring_user:
  indices:
    - names:
        - '.marvel-es-*'
        - '.monitoring-*'
      privileges: [ "read" ]
    - names: '.kibana'
      privileges:
        - view_index_metadata
        - read

# Marvel remote agent role. Assign to the agent user on the remote marvel cluster
# to which the marvel agent will export all its data
remote_monitoring_agent:
  cluster: [ "manage_index_templates" ]
  indices:
    - names:
        - '.marvel-es-*'
        - '.monitoring-*'
      privileges: [ "all" ]