Merge pull request #506 from opensearch-project/o11y-default-roles

Add default o11y roles
2022-04-12 13:25:14 -07:00 · 2022-04-12 13:25:14 -07:00 · c328182db8
parent b191e03054 65a719b60f
commit c328182db8
1 changed files with 2 additions and 0 deletions
--- a/_security-plugin/access-control/users-roles.md
+++ b/_security-plugin/access-control/users-roles.md
@ -111,6 +111,8 @@ Role | Description
 `all_access` | Grants full access to the cluster: all cluster-wide operations, write to all indices, write to all tenants.
 `cross_cluster_replication_follower_full_access` | Grants full access to perform cross-cluster replication actions on the follower cluster.
 `cross_cluster_replication_leader_full_access` | Grants full access to perform cross-cluster replication actions on the leader cluster.
+`observability_full_access` | Grants full access to perform actions on Observability objects such as visualizations, notebooks, and operational panels.
+`observability_read_access` | Grants permission to view Observability objects such as visualizations, notebooks, and operational panels, but not create, modify, or delete them.
 `opensearch_dashboards_read_only` | A special role that prevents users from making changes to visualizations, dashboards, and other OpenSearch Dashboards objects. See `opensearch_security.readonly_mode.roles` in `opensearch_dashboards.yml`. Pair with the `opensearch_dashboards_user` role.
 `opensearch_dashboards_user` | Grants permissions to use OpenSearch Dashboards: cluster-wide searches, index monitoring, and write to various OpenSearch Dashboards indices.
 `logstash` | Grants permissions for Logstash to interact with the cluster: cluster-wide searches, cluster monitoring, and write to the various Logstash indices.