_meta:
  type: "roles"
  config_version: 2

# Restrict users so they can only view visualization and dashboard on kibana
kibana_read_only:
  reserved: true

# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
security_rest_api_access:
  reserved: true
 
# Allows users to view alerts
alerting_view_alerts:
  reserved: true
  index_permissions:
    - index_patterns:
      - ".opendistro-alerting-alert*"
      allowed_actions:
        - read 

# Allows users to view and acknowledge alerts
alerting_crud_alerts:
  reserved: true
  index_permissions:
    - index_patterns:
      - ".opendistro-alerting-alert*"
      allowed_actions:
       - crud 

# Allows users to use all alerting functionality
alerting_full_access:
  reserved: true
  index_permissions:
    - index_patterns:
      - ".opendistro-alerting-config"
      - ".opendistro-alerting-alert*"
      allowed_actions:
        - crud 

clamp_admin_role:
  reserved: false
  index_permissions:
    - index_patterns:
      - "events*"
      - "errors*"
      - "dmaap*"
      allowed_actions:
        - crud 
        - create_index