110 lines
2.9 KiB
YAML
110 lines
2.9 KiB
YAML
admin:
|
|
cluster: all
|
|
indices:
|
|
'*': all
|
|
|
|
# monitoring cluster privileges
|
|
# All operations on all indices
|
|
power_user:
|
|
cluster: monitor
|
|
indices:
|
|
'*': all
|
|
|
|
# Read-only operations on indices
|
|
user:
|
|
indices:
|
|
'*': read
|
|
|
|
# Defines the required permissions for transport clients
|
|
transport_client:
|
|
cluster:
|
|
- cluster:monitor/nodes/info
|
|
#uncomment the following for sniffing
|
|
#- cluster:monitor/state
|
|
|
|
# The required role for kibana 3 users
|
|
kibana3:
|
|
cluster: cluster:monitor/nodes/info
|
|
indices:
|
|
'*': indices:data/read/search, indices:data/read/get, indices:admin/get
|
|
'kibana-int': indices:data/read/search, indices:data/read/get, indices:data/write/delete, indices:data/write/index, create_index
|
|
|
|
# The required permissions for kibana 4 users.
|
|
kibana4:
|
|
cluster:
|
|
- cluster:monitor/nodes/info
|
|
- cluster:monitor/health
|
|
indices:
|
|
'*':
|
|
- indices:admin/mappings/fields/get
|
|
- indices:admin/validate/query
|
|
- indices:data/read/search
|
|
- indices:data/read/msearch
|
|
- indices:admin/get
|
|
'.kibana':
|
|
- indices:admin/exists
|
|
- indices:admin/mapping/put
|
|
- indices:admin/mappings/fields/get
|
|
- indices:admin/refresh
|
|
- indices:admin/validate/query
|
|
- indices:data/read/get
|
|
- indices:data/read/mget
|
|
- indices:data/read/search
|
|
- indices:data/write/delete
|
|
- indices:data/write/index
|
|
- indices:data/write/update
|
|
- indices:admin/create
|
|
|
|
# The required permissions for the kibana 4 server
|
|
kibana4_server:
|
|
cluster:
|
|
- cluster:monitor/nodes/info
|
|
- cluster:monitor/health
|
|
indices:
|
|
'.kibana':
|
|
- indices:admin/exists
|
|
- indices:admin/mapping/put
|
|
- indices:admin/mappings/fields/get
|
|
- indices:admin/refresh
|
|
- indices:admin/validate/query
|
|
- indices:data/read/get
|
|
- indices:data/read/mget
|
|
- indices:data/read/search
|
|
- indices:data/write/delete
|
|
- indices:data/write/index
|
|
- indices:data/write/update
|
|
|
|
# The required role for logstash users
|
|
logstash:
|
|
cluster: indices:admin/template/get, indices:admin/template/put
|
|
indices:
|
|
'logstash-*': indices:data/write/bulk, indices:data/write/delete, indices:data/write/update, indices:data/read/search, indices:data/read/scroll, create_index
|
|
|
|
# Marvel role, allowing all operations
|
|
# on the marvel indices
|
|
marvel_user:
|
|
cluster: cluster:monitor/nodes/info, cluster:admin/plugin/license/get
|
|
indices:
|
|
'.marvel-*': all
|
|
|
|
# Marvel Agent users
|
|
marvel_agent:
|
|
cluster: indices:admin/template/get, indices:admin/template/put
|
|
indices:
|
|
'.marvel-*': indices:data/write/bulk, create_index
|
|
|
|
watcher_manager:
|
|
cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/health
|
|
indices:
|
|
'.watch_history-*': all
|
|
|
|
watcher_monitor:
|
|
cluster: monitor_watcher
|
|
indices:
|
|
'.watch_history-*': read
|
|
|
|
crapy_role:
|
|
cluster:
|
|
- cluster:monitor/nodes/info
|
|
- cluster:monitor/health
|
|
- cluster:monitor/nodes/liveness |