From cd4a90ff279d65d83f91e4b33493cc98f6b7864c Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Fri, 29 Jan 2021 17:08:44 -0500 Subject: [PATCH] [DOCS] Fix SLM security privilege wording (#68238) (#68239) --- docs/reference/slm/apis/index.asciidoc | 71 ------------------------ docs/reference/slm/slm-security.asciidoc | 2 +- 2 files changed, 1 insertion(+), 72 deletions(-) delete mode 100644 docs/reference/slm/apis/index.asciidoc diff --git a/docs/reference/slm/apis/index.asciidoc b/docs/reference/slm/apis/index.asciidoc deleted file mode 100644 index ce03c58e4faae..0000000000000 --- a/docs/reference/slm/apis/index.asciidoc +++ /dev/null @@ -1,71 +0,0 @@ -[role="xpack"] -[testenv="basic"] -[[snapshot-lifecycle-management]] -== Manage the snapshot lifecycle - -You can set up snapshot lifecycle policies to automate the timing, frequency, and retention of snapshots. -Snapshot policies can apply to multiple data streams and indices. - -The snapshot lifecycle management (SLM) <> provide -the building blocks for the snapshot policy features that are part of the Management application in {kib}. -The Snapshot and Restore UI makes it easy to set up policies, register snapshot repositories, -view and manage snapshots, and restore data streams or indices. - -You can stop and restart SLM to temporarily pause automatic backups while performing -upgrades or other maintenance. - -[discrete] -[[slm-and-security]] -=== Security and SLM - -Two built-in cluster privileges control access to the SLM actions when -{es} {security-features} are enabled: - -`manage_slm`:: Allows a user to perform all SLM actions, including creating and updating policies -and starting and stopping SLM. - -`read_slm`:: Allows a user to perform all read-only SLM actions, -such as getting policies and checking the SLM status. - -`cluster:admin/snapshot/*`:: Allows a user to take and delete snapshots of any -index, whether or not they have access to that index. - -For example, the following request configures an `slm-admin` role that grants the privileges -necessary for administering SLM. - -[source,console] ------------------------------------ -POST /_security/role/slm-admin -{ - "cluster": ["manage_slm", "cluster:admin/snapshot/*"], - "indices": [ - { - "names": [".slm-history-*"], - "privileges": ["all"] - } - ] -} ------------------------------------ -// TEST[skip:security is not enabled here] - -Or, for a read-only role that can retrieve policies (but not update, execute, or -delete them), as well as only view the history index: - -[source,console] ------------------------------------ -POST /_security/role/slm-read-only -{ - "cluster": ["read_slm"], - "indices": [ - { - "names": [".slm-history-*"], - "privileges": ["read"] - } - ] -} ------------------------------------ -// TEST[skip:security is not enabled here] - -include::getting-started-slm.asciidoc[] - -include::slm-retention.asciidoc[] diff --git a/docs/reference/slm/slm-security.asciidoc b/docs/reference/slm/slm-security.asciidoc index b01c76531c1d4..983509f1893f5 100644 --- a/docs/reference/slm/slm-security.asciidoc +++ b/docs/reference/slm/slm-security.asciidoc @@ -1,7 +1,7 @@ [[slm-and-security]] === Security and {slm-init} -Two built-in cluster privileges control access to the {slm-init} actions when +The following cluster privileges control access to the {slm-init} actions when {es} {security-features} are enabled: `manage_slm`:: Allows a user to perform all {slm-init} actions, including creating and updating policies