[DOCS] Clarifies machine learning built-in roles (#51504)

elastic · Feb 12, 2020 · a3cfa5a · a3cfa5a
1 parent 5e0ced5
commit a3cfa5a
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/x-pack/docs/en/security/authorization/built-in-roles.asciidoc b/x-pack/docs/en/security/authorization/built-in-roles.asciidoc
@@ -106,17 +106,22 @@ suitable for use within a Logstash pipeline.
 --
 
 [[built-in-roles-ml-admin]] `machine_learning_admin`::
-Grants `manage_ml` cluster privileges, read access to `.ml-anomalies*`,
-`.ml-notifications*`, `.ml-state*`, `.ml-meta*` indices and write access to
-`.ml-annotations*` indices. This role also includes all
-{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.
+Provides all of the privileges of the `machine_learning_user` role plus the full
+use of the {ml} APIs. Grants `manage_ml` cluster privileges, read access to
+`.ml-anomalies*`, `.ml-notifications*`, `.ml-state*`, `.ml-meta*` indices and
+write access to `.ml-annotations*` indices. {ml-cap} administrators also need
+index privileges for source and destination indices and roles that grant
+access to {kib}.
+See {ml-docs}/setup.html#setup-privileges[{ml-cap} security privileges].
 
 [[built-in-roles-ml-user]] `machine_learning_user`::
 Grants the minimum privileges required to view {ml} configuration,
 status, and work with results. This role grants `monitor_ml` cluster privileges,
 read access to the `.ml-notifications` and `.ml-anomalies*` indices
 (which store {ml} results), and write access to `.ml-annotations*` indices.
-This role also includes all {kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.
+{ml-cap} users also need index privileges for source and destination
+indices and roles that grant access to {kib}. See
+{ml-docs}/setup.html#setup-privileges[{ml-cap} security privileges].
 
 [[built-in-roles-monitoring-user]] `monitoring_user`::
 Grants the minimum privileges required for any user of {monitoring} other than those