The following cluster privileges control access to the {slm-init} actions when {es} {security-features} are enabled:
manage_slm
-
Allows a user to perform all {slm-init} actions, including creating and updating policies and starting and stopping {slm-init}.
read_slm
-
Allows a user to perform all read-only {slm-init} actions, such as getting policies and checking the {slm-init} status.
cluster:admin/snapshot/*
-
Allows a user to take and delete snapshots of any index, whether or not they have access to that index.
You can create and manage roles to assign these privileges through {kib} Management.
To grant the privileges necessary to create and manage {slm-init} policies and snapshots,
you can set up a role with the manage_slm
and cluster:admin/snapshot/*
cluster privileges
and full access to the {slm-init} history indices.
For example, the following request creates an slm-admin
role:
POST /_security/role/slm-admin
{
"cluster": ["manage_slm", "cluster:admin/snapshot/*"],
"indices": [
{
"names": [".slm-history-*"],
"privileges": ["all"]
}
]
}
To grant read-only access to {slm-init} policies and the snapshot history,
you can set up a role with the read_slm
cluster privilege and read access
to the {slm} history indices.
For example, the following request creates a slm-read-only
role:
POST /_security/role/slm-read-only
{
"cluster": ["read_slm"],
"indices": [
{
"names": [".slm-history-*"],
"privileges": ["read"]
}
]
}