Skip to content

Commit

Permalink
[7x backport] document system indices api privilege (#12393)
Browse files Browse the repository at this point in the history
backport #12388 #12391
  • Loading branch information
kaisecheng authored Oct 29, 2020
1 parent a02b7e1 commit c96543b
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 12 deletions.
11 changes: 2 additions & 9 deletions docs/static/security/logstash.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -123,16 +123,9 @@ privileges for the Logstash indices. You can create roles from the
---------------------------------------------------------------
POST _xpack/security/role/logstash_reader
{
"indices": [
{
"names": [ "logstash-*" ], <1>
"privileges": ["read","view_index_metadata"]
}
]
"cluster": ["manage_logstash_pipelines"]
}
---------------------------------------------------------------
<1> If you use a custom Logstash index pattern, specify that pattern
instead of the default `logstash-*` pattern.

. Assign your Logstash users the `logstash_reader` role. If the Logstash user
will be using
Expand All @@ -149,7 +142,7 @@ POST _xpack/security/user/logstash_user
"full_name" : "Kibana User for Logstash"
}
---------------------------------------------------------------
<1> `logstash_admin` is a built-in role that provides access to `.logstash-*`
<1> `logstash_admin` is a built-in role that provides access to system
indices for managing configurations.

[float]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,8 +53,10 @@ section in your Logstash configuration, or a different one. Defaults to
If your {es} cluster is protected with basic authentication, these settings
provide the username and password that the Logstash instance uses to
authenticate for accessing the configuration data. The username you specify here
should have the built-in `logstash_admin` role and the customized `logstash_writer` role, which provides access to `.logstash-*`
indices for managing configurations.
should have the built-in `logstash_admin` role and the customized `logstash_writer` role, which provides access to system
indices for managing configurations. Starting with Elasticsearch version 7.10.0, the
`logstash_admin` role inherits the `manage_logstash_pipelines` cluster privilege for centralized pipeline management.
If a user has created their own roles and granted them access to the .logstash index, those roles will continue to work in 7.x but will need to be updated for 8.0.

`xpack.management.elasticsearch.proxy`::

Expand Down Expand Up @@ -98,7 +100,7 @@ This setting is an alternative to both `xpack.management.elasticsearch.username`
and `xpack.management.elasticsearch.password`. If `cloud_auth` is configured,
those settings should not be used.
The credentials you specify here should be for a user with the `logstash_admin` role, which
provides access to `.logstash-*` indices for managing configurations.
provides access to system indices for managing configurations.

`xpack.management.elasticsearch.api_key`::

Expand Down

0 comments on commit c96543b

Please sign in to comment.