mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Add limited roles with restricted visibility
This commit is contained in:
Jason Ertel
49
salt/elasticsearch/roles/limited-analyst.json
Normal file
49
salt/elasticsearch/roles/limited-analyst.json
Normal file
@@ -0,0 +1,49 @@
|
||||
{
|
||||
"cluster": [
|
||||
],
|
||||
"indices": [
|
||||
{
|
||||
"names": [
|
||||
"so-*"
|
||||
],
|
||||
"privileges": [
|
||||
"index",
|
||||
"maintenance",
|
||||
"monitor",
|
||||
"read",
|
||||
"read_cross_cluster",
|
||||
"view_index_metadata"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
{
|
||||
"application": "kibana-.kibana",
|
||||
"privileges": [
|
||||
"feature_discover.read",
|
||||
"feature_dashboard.read",
|
||||
"feature_canvas.read",
|
||||
"feature_maps.read",
|
||||
"feature_ml.read",
|
||||
"feature_logs.read",
|
||||
"feature_visualize.read",
|
||||
"feature_infrastructure.read",
|
||||
"feature_apm.read",
|
||||
"feature_uptime.read",
|
||||
"feature_siem.read",
|
||||
"feature_dev_tools.read",
|
||||
"feature_advancedSettings.read",
|
||||
"feature_indexPatterns.read",
|
||||
"feature_savedObjectsManagement.read",
|
||||
"feature_savedObjectsTagging.read",
|
||||
"feature_fleet.read",
|
||||
"feature_actions.read",
|
||||
"feature_stackAlerts.read"
|
||||
],
|
||||
"resources": [
|
||||
"*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"run_as": []
|
||||
}
|
||||
47
salt/elasticsearch/roles/limited-auditor.json
Normal file
47
salt/elasticsearch/roles/limited-auditor.json
Normal file
@@ -0,0 +1,47 @@
|
||||
{
|
||||
"cluster": [
|
||||
],
|
||||
"indices": [
|
||||
{
|
||||
"names": [
|
||||
"so-*"
|
||||
],
|
||||
"privileges": [
|
||||
"read",
|
||||
"read_cross_cluster",
|
||||
"monitor",
|
||||
"view_index_metadata"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
{
|
||||
"application": "kibana-.kibana",
|
||||
"privileges": [
|
||||
"feature_discover.read",
|
||||
"feature_dashboard.read",
|
||||
"feature_canvas.read",
|
||||
"feature_maps.read",
|
||||
"feature_ml.read",
|
||||
"feature_logs.read",
|
||||
"feature_visualize.read",
|
||||
"feature_infrastructure.read",
|
||||
"feature_apm.read",
|
||||
"feature_uptime.read",
|
||||
"feature_siem.read",
|
||||
"feature_dev_tools.read",
|
||||
"feature_advancedSettings.read",
|
||||
"feature_indexPatterns.read",
|
||||
"feature_savedObjectsManagement.read",
|
||||
"feature_savedObjectsTagging.read",
|
||||
"feature_fleet.read",
|
||||
"feature_actions.read",
|
||||
"feature_stackAlerts.read"
|
||||
],
|
||||
"resources": [
|
||||
"*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"run_as": []
|
||||
}
|
||||
Reference in New Issue
Block a user