From 2fb1802de485ec42fdbf1e20d147a4c2eaedb06e Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]"
 <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Tue, 1 Aug 2023 08:07:30 -0400
Subject: [PATCH] [Backport 2.x] add workflow cluster permissions to alerting
 roles (#3039)

Backport 59e2657850193d00339e5f234cda15357b7b57f9 from #2994

Co-authored-by: Surya Sashank Nistala <sashank.nistala@gmail.com>
Co-authored-by: Craig Perkins <cwperx@amazon.com>
---
 config/roles.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/roles.yml b/config/roles.yml
index fff474872f..af229445e3 100644
--- a/config/roles.yml
+++ b/config/roles.yml
@@ -32,12 +32,16 @@ alerting_read_access:
     - 'cluster:admin/opendistro/alerting/monitor/get'
     - 'cluster:admin/opendistro/alerting/monitor/search'
     - 'cluster:admin/opensearch/alerting/findings/get'
+    - 'cluster:admin/opensearch/alerting/workflow/get'
+    - 'cluster:admin/opensearch/alerting/workflow_alerts/get'
 
 # Allows users to view and acknowledge alerts
 alerting_ack_alerts:
   reserved: true
   cluster_permissions:
     - 'cluster:admin/opendistro/alerting/alerts/*'
+    - 'cluster:admin/opendistro/alerting/chained_alerts/*'
+    - 'cluster:admin/opendistro/alerting/workflow_alerts/*'
 
 # Allows users to use all alerting functionality
 alerting_full_access: