Add limited roles with restricted visibility

2025-12-06 17:22:49 +01:00 · 2021-09-16 07:44:15 -04:00
parent 9970e54081
commit 82da0041a4
2 changed files with 96 additions and 0 deletions
--- a/salt/elasticsearch/roles/limited-analyst.json
+++ b/salt/elasticsearch/roles/limited-analyst.json
@@ -0,0 +1,49 @@
 {
  "cluster": [
  ],
  "indices": [
    {
      "names": [
        "so-*"
      ],
      "privileges": [
        "index",
        "maintenance",
        "monitor",
        "read",
        "read_cross_cluster",
        "view_index_metadata"
      ]
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_discover.read",
        "feature_dashboard.read",
        "feature_canvas.read",
        "feature_maps.read",
        "feature_ml.read",
        "feature_logs.read",
        "feature_visualize.read",
        "feature_infrastructure.read",
        "feature_apm.read",
        "feature_uptime.read",
        "feature_siem.read",
        "feature_dev_tools.read",
        "feature_advancedSettings.read",
        "feature_indexPatterns.read",
        "feature_savedObjectsManagement.read",
        "feature_savedObjectsTagging.read",
        "feature_fleet.read",
        "feature_actions.read",
        "feature_stackAlerts.read"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": []
 }
--- a/salt/elasticsearch/roles/limited-auditor.json
+++ b/salt/elasticsearch/roles/limited-auditor.json
@@ -0,0 +1,47 @@
 {
  "cluster": [
  ],
  "indices": [
    {
      "names": [
        "so-*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster",
        "monitor",
        "view_index_metadata"
      ]
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_discover.read",
        "feature_dashboard.read",
        "feature_canvas.read",
        "feature_maps.read",
        "feature_ml.read",
        "feature_logs.read",
        "feature_visualize.read",
        "feature_infrastructure.read",
        "feature_apm.read",
        "feature_uptime.read",
        "feature_siem.read",
        "feature_dev_tools.read",
        "feature_advancedSettings.read",
        "feature_indexPatterns.read",
        "feature_savedObjectsManagement.read",
        "feature_savedObjectsTagging.read",
        "feature_fleet.read",
        "feature_actions.read",
        "feature_stackAlerts.read"
      ],
      "resources": [
        "*"
      ]
    }
  ],  
  "run_as": []
 }