From e7b8c360420bbca40731ff7cf0eaa0dbaa8286ab Mon Sep 17 00:00:00 2001 From: Mirko Bez Date: Thu, 9 May 2024 16:47:38 +0200 Subject: [PATCH] [DOCS] Add the `read_pipeline` cluster privilege for winlogbeat and the `auto_configure` index privilege to beats documentation (#38534) * [DOCS] Removed reference to the Stack GS (#32119) * Update users.asciidoc Add the "read_pipeline" privilege for Winlogbeat too * [Docs] add auto_configure index privilege to the required permissions for beat agents * Update link that was broken --------- Co-authored-by: debadair Co-authored-by: Andrew Kroh (cherry picked from commit edf4568898862265cd2c9d4274f747441f220af6) --- libbeat/docs/security/api-keys.asciidoc | 2 +- libbeat/docs/security/users.asciidoc | 19 +++++++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/libbeat/docs/security/api-keys.asciidoc b/libbeat/docs/security/api-keys.asciidoc index 1a934b67ce8..db068f08782 100644 --- a/libbeat/docs/security/api-keys.asciidoc +++ b/libbeat/docs/security/api-keys.asciidoc @@ -33,7 +33,7 @@ POST /_security/api_key "index": [ { "names": ["{beat_default_index_prefix}-*"], - "privileges": ["view_index_metadata", "create_doc"] + "privileges": ["view_index_metadata", "create_doc", "auto_configure"] } ] } diff --git a/libbeat/docs/security/users.asciidoc b/libbeat/docs/security/users.asciidoc index d6849caf058..846e8bc5937 100644 --- a/libbeat/docs/security/users.asciidoc +++ b/libbeat/docs/security/users.asciidoc 
@@ -233,8 +233,9 @@ To grant the required privileges: . Create a *writer role*, called something like +{beat_default_index_prefix}_writer+, that has the following privileges: + -NOTE: The `monitor` cluster privilege and the `create_doc` privilege on -+{beat_default_index_prefix}-*+ indices are required in every configuration. +NOTE: The `monitor` cluster privilege and the `create_doc` and `auto_configure` +privileges on +{beat_default_index_prefix}-*+ indices are required in every +configuration. + [options="header"] |==== @@ -259,10 +260,24 @@ ifeval::["{beatname_lc}"=="filebeat"] |Check for ingest pipelines used by modules. Needed when using modules. endif::[] +ifeval::["{beatname_lc}"=="winlogbeat"] +|Cluster +|`read_pipeline` +|Check for ingest pipelines used by {beatname_uc}. +endif::[] + |Index |`create_doc` on +{beat_default_index_prefix}-*+ indices |Write events into {es} + +|Index +|`auto_configure` on +{beat_default_index_prefix}-*+ indices +|Update the datastream mapping. Consider either disabling entirely or adding the +rule `-{beat_default_index_prefix}-*` to the cluster settings +https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html#index-creation[action.auto_create_index] +to prevent unwanted indices creations from the agents. |==== + ifndef::apm-server[] + Omit any privileges that aren't relevant in your environment.
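Review bot: In libbeat/docs/security/api-keys.asciidoc (hunk @@ -33,7), the example role descriptor now grants `auto_configure`, but nothing in this hunk carries the index auto-creation caveat that the users.asciidoc table row in this same patch spells out. Anyone copying the API key example gets the broader privilege without the advice about `action.auto_create_index`. Suggest a short sentence or cross-reference next to the example that points to that row.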
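Review bot: In the NOTE of the users.asciidoc hunk @@ -233,8, `auto_configure` is declared required in every configuration, yet the patch never says what fails without it; the only rationale given anywhere is the table row's "Update the datastream mapping". A reader trimming the writer role to least privilege needs that reason. Suggest adding a clause to the NOTE, or to the table row, stating when the privilege is exercised.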
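Review bot: In the new `auto_configure` row of the users.asciidoc hunk @@ -259,10, "Consider either disabling entirely" has no object, so it can be read as disabling the privilege, which would contradict the NOTE that calls it required in every configuration. If the intent is the cluster setting, suggest wording such as "Consider either disabling automatic index creation entirely or adding the rule ... to action.auto_create_index". Also in this row: "datastream" should be "data stream", "unwanted indices creations" should be "unwanted index creation", and the link is a hardcoded URL pinned to `current`, so a versioned docs build will send readers to a different release's page. The rule is written in backticks while the other index patterns in the table use +...+, so check that {beat_default_index_prefix} is still substituted there. The blank line added after the closing |==== sits ahead of the `+` list continuation; confirm the paragraph that follows still renders inside the list item.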