diff --git a/salt/common/tools/sbin/so-elasticsearch-roles-load b/salt/common/tools/sbin/so-elasticsearch-roles-load
index 3b0f580fe..d094163ee 100644
--- a/salt/common/tools/sbin/so-elasticsearch-roles-load
+++ b/salt/common/tools/sbin/so-elasticsearch-roles-load
@@ -51,7 +51,7 @@ cd ${ELASTICSEARCH_ROLES}
 echo "Loading templates..."
 for role in *; do
 name=$(echo "$role" | cut -d. -f1)
- so-elasticsearch-query security/roles/$name -XPUT -d @"$role"
+ so-elasticsearch-query _security/role/$name -XPUT -d @"$role"
 done
 cd - >/dev/null
diff --git a/salt/elasticsearch/roles/analyst.json b/salt/elasticsearch/roles/analyst.json
index f81c5a67e..3fbaa9489 100644
--- a/salt/elasticsearch/roles/analyst.json
+++ b/salt/elasticsearch/roles/analyst.json
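Review bot: In so-elasticsearch-roles-load, the changed call inside the `for role in *` loop never checks whether the PUT to `_security/role/$name` succeeded, so a role file that Elasticsearch rejects leaves the cluster with a missing or stale role and the script says nothing about it. Assuming so-elasticsearch-query returns non-zero on a failed request (its behaviour is not visible here), the line could read `so-elasticsearch-query "_security/role/$name" -XPUT -d @"$role" || echo "Failed to load role $name" >&2`. That form also quotes the path, so a file name containing spaces or glob characters does not split the argument. The script continues outside this hunk.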
@@ -1,45 +1,62 @@
 {
- "elasticsearch": {
- "cluster": [
- "cancel_task",
- "create_snapshot",
- "monitor",
- "monitor_data_frame_transforms",
- "monitor_ml",
- "monitor_rollup",
- "monitor_snapshot",
- "monitor_text_structure",
- "monitor_transform",
- "monitor_watcher",
- "read_ccr",
- "read_ilm",
- "read_pipeline",
- "read_slm"
- ],
- "indices": [
- {
- "names": [
- "so-*"
- ],
- "privileges": [
- "read",
- "read_cross_cluster",
- "monitor",
- "view_index_metadata"
- ]
- }
- ],
- "run_as": []
- },
- "kibana": [
+ "cluster": [
+ "cancel_task",
+ "create_snapshot",
+ "monitor",
+ "monitor_data_frame_transforms",
+ "monitor_ml",
+ "monitor_rollup",
+ "monitor_snapshot",
+ "monitor_text_structure",
+ "monitor_transform",
+ "monitor_watcher",
+ "read_ccr",
+ "read_ilm",
+ "read_pipeline",
+ "read_slm"
+ ],
+ "indices": [
 {
- "spaces": [
- "*"
+ "names": [
+ "so-*"
 ],
- "base": [
- "read"
- ],
- "feature": {}
+ "privileges": [
+ "index",
+ "read",
+ "read_cross_cluster",
+ "monitor",
+ "view_index_metadata"
+ ]
 }
- ]
+ ],
+ "applications": [
+ {
+ "application": "kibana-.kibana",
+ "privileges": [
+ "feature_discover.all",
+ "feature_dashboard.all",
+ "feature_canvas.all",
+ "feature_maps.all",
+ "feature_ml.all",
+ "feature_logs.read",
+ "feature_visualize.all",
+ "feature_infrastructure.read",
+ "feature_apm.read",
+ "feature_uptime.read",
+ "feature_siem.read",
+ "feature_dev_tools.read",
+ "feature_advancedSettings.read",
+ "feature_indexPatterns.read",
+ "feature_savedObjectsManagement.read",
+ "feature_savedObjectsTagging.read",
+ "feature_fleet.all",
+ "feature_actions.read",
+ "feature_stackAlerts.read"
+ ],
+ "resources": [
+ "*"
+ ]
+ }
+ ],
+ "run_as": []
 }
\ No newline at end of file
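Review bot: The `index` privilege added to the `so-*` entry under `indices` lets anyone holding the analyst role write and update documents in the event indices, where the previous role was read-only there; on a monitoring platform that means an analyst account, or whoever compromises one, can alter or add to the data investigations rely on. If a workflow needs writes, I would keep `so-*` at `read`, `read_cross_cluster`, `monitor`, `view_index_metadata` and add a second entry scoped to just the indices that need it, e.g. `{ "names": ["<INDEX_NEEDING_WRITES>"], "privileges": ["index"] }`. The Kibana grants also widen from `"base": ["read"]` to several `.all` features; `feature_fleet.all` in particular looks broader than an analyst needs and is worth confirming.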