-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathroles.yml
81 lines (73 loc) · 1.53 KB
/
roles.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# All cluster rights
# All operations on all indices
admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all
# monitoring cluster privileges
# All operations on all indices
power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all
# Read-only operations on indices
user:
indices:
- names: '*'
privileges:
- read
# Defines the required permissions for transport clients
transport_client:
cluster:
- transport_client
# The required permissions for the kibana 4 server
kibana4_server:
cluster:
- monitor
indices:
- names: '.kibana'
privileges:
- all
# The required permissions for a kibana admin
kibana:
cluster:
- monitor
indices:
- names: 'logstash-*'
privileges:
- all
- names: '.kibana*'
privileges:
- all
# The required role for logstash users
logstash:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
# Marvel user role. Assign to marvel users.
marvel_user:
indices:
- names: '.marvel-es-*'
privileges: [ "read" ]
- names: '.kibana'
privileges:
- view_index_metadata
- read
# Marvel remote agent role. Assign to the agent user on the remote marvel cluster
# to which the marvel agent will export all its data
remote_marvel_agent:
cluster: [ "manage_index_templates" ]
indices:
- names: '.marvel-es-*'
privileges: [ "all" ]