From b15dad0600c4888da658448b89e41d7f18262716 Mon Sep 17 00:00:00 2001 From: osgn422w Date: Mon, 3 Feb 2020 17:08:11 +0100 Subject: correct security settings correct and adjust the security settings Issue-ID: CLAMP-483 Change-Id: Id94672580ade132a7ff16241f44d8a4403b49383 Signed-off-by: osgn422w --- .../docker/elasticsearch/securityconfig/roles.yml | 50 ++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 src/main/docker/elasticsearch/securityconfig/roles.yml (limited to 'src/main/docker/elasticsearch/securityconfig/roles.yml') diff --git a/src/main/docker/elasticsearch/securityconfig/roles.yml b/src/main/docker/elasticsearch/securityconfig/roles.yml new file mode 100644 index 0000000..327464b --- /dev/null +++ b/src/main/docker/elasticsearch/securityconfig/roles.yml @@ -0,0 +1,50 @@ +_meta: + type: "roles" + config_version: 2 + +# Restrict users so they can only view visualization and dashboard on kibana +kibana_read_only: + reserved: true + +# The security REST API access role is used to assign specific users access to change the security settings through the REST API. +security_rest_api_access: + reserved: true + +# Allows users to view alerts +alerting_view_alerts: + reserved: true + index_permissions: + - index_patterns: + - ".opendistro-alerting-alert*" + allowed_actions: + - read + +# Allows users to view and acknowledge alerts +alerting_crud_alerts: + reserved: true + index_permissions: + - index_patterns: + - ".opendistro-alerting-alert*" + allowed_actions: + - crud + +# Allows users to use all alerting functionality +alerting_full_access: + reserved: true + index_permissions: + - index_patterns: + - ".opendistro-alerting-config" + - ".opendistro-alerting-alert*" + allowed_actions: + - crud + +clamp_admin_role: + reserved: false + index_permissions: + - index_patterns: + - "events*" + - "errors*" + - "dmaap*" + allowed_actions: + - crud + - create_index \ No newline at end of file -- cgit 1.2.3-korg