summaryrefslogtreecommitdiffstats
path: root/src/main/docker/elasticsearch/securityconfig/roles.yml
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/docker/elasticsearch/securityconfig/roles.yml')
-rw-r--r--src/main/docker/elasticsearch/securityconfig/roles.yml50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/main/docker/elasticsearch/securityconfig/roles.yml b/src/main/docker/elasticsearch/securityconfig/roles.yml
new file mode 100644
index 0000000..327464b
--- /dev/null
+++ b/src/main/docker/elasticsearch/securityconfig/roles.yml
@@ -0,0 +1,50 @@
+_meta:
+ type: "roles"
+ config_version: 2
+
+# Restrict users so they can only view visualization and dashboard on kibana
+kibana_read_only:
+ reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+ reserved: true
+
+# Allows users to view alerts
+alerting_view_alerts:
+ reserved: true
+ index_permissions:
+ - index_patterns:
+ - ".opendistro-alerting-alert*"
+ allowed_actions:
+ - read
+
+# Allows users to view and acknowledge alerts
+alerting_crud_alerts:
+ reserved: true
+ index_permissions:
+ - index_patterns:
+ - ".opendistro-alerting-alert*"
+ allowed_actions:
+ - crud
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+ reserved: true
+ index_permissions:
+ - index_patterns:
+ - ".opendistro-alerting-config"
+ - ".opendistro-alerting-alert*"
+ allowed_actions:
+ - crud
+
+clamp_admin_role:
+ reserved: false
+ index_permissions:
+ - index_patterns:
+ - "events*"
+ - "errors*"
+ - "dmaap*"
+ allowed_actions:
+ - crud
+ - create_index \ No newline at end of file