monitoring_user built-in role can read metricbeat-* (#73627)

Co-authored-by: Chris Roberson <chrisronline@gmail.com>
elastic · Jun 1, 2021 · 11e2af9 · 11e2af9
1 parent b88fb8d
commit 11e2af9
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/...e/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/...e/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
@@ -61,9 +61,10 @@ private static Map<String, RoleDescriptor> initializeReservedRoles() {
                 .put("monitoring_user", new RoleDescriptor("monitoring_user",
                         new String[] { "cluster:monitor/main", "cluster:monitor/xpack/info", RemoteInfoAction.NAME },
                         new RoleDescriptor.IndicesPrivileges[] {
-                            RoleDescriptor.IndicesPrivileges.builder()
-                                .indices(".monitoring-*").privileges("read", "read_cross_cluster").build()
-                        },
+                                RoleDescriptor.IndicesPrivileges.builder()
+                                    .indices(".monitoring-*").privileges("read", "read_cross_cluster").build(),
+                                RoleDescriptor.IndicesPrivileges.builder()
+                                    .indices("metricbeat-*").privileges("read", "read_cross_cluster").build() },
                         new RoleDescriptor.ApplicationResourcePrivileges[] {
                             RoleDescriptor.ApplicationResourcePrivileges.builder()
                                 .application("kibana-*").resources("*").privileges("reserved_monitoring").build()