From a99b5342bd60a082bc972e7cbec539cc0dad7a4c Mon Sep 17 00:00:00 2001
From: Tal Levy <jubboy333@gmail.com>
Date: Mon, 17 Dec 2018 17:28:45 -0800
Subject: [PATCH 1/2] [ILM][DOCS] Update ILM API authorization docs

the `view_index_metadata` privilege. Now the ILM API authorization
documentation mentions the need for these roles in more specific
ways.
---
 docs/reference/ilm/apis/delete-lifecycle.asciidoc          | 3 ++-
 docs/reference/ilm/apis/explain.asciidoc                   | 4 +++-
 docs/reference/ilm/apis/get-status.asciidoc                | 3 ++-
 docs/reference/ilm/apis/ilm-cluster-mgt-privilege.asciidoc | 2 --
 docs/reference/ilm/apis/ilm-index-mgt-privilege.asciidoc   | 2 --
 docs/reference/ilm/apis/move-to-step.asciidoc              | 3 ++-
 docs/reference/ilm/apis/put-lifecycle.asciidoc             | 3 ++-
 docs/reference/ilm/apis/remove-policy-from-index.asciidoc  | 3 ++-
 docs/reference/ilm/apis/retry-policy.asciidoc              | 3 ++-
 docs/reference/ilm/apis/start.asciidoc                     | 3 ++-
 docs/reference/ilm/apis/stop.asciidoc                      | 3 ++-
 11 files changed, 19 insertions(+), 13 deletions(-)
 delete mode 100644 docs/reference/ilm/apis/ilm-cluster-mgt-privilege.asciidoc
 delete mode 100644 docs/reference/ilm/apis/ilm-index-mgt-privilege.asciidoc

diff --git a/docs/reference/ilm/apis/delete-lifecycle.asciidoc b/docs/reference/ilm/apis/delete-lifecycle.asciidoc
index adb1112961e47..2427169c5e797 100644
--- a/docs/reference/ilm/apis/delete-lifecycle.asciidoc
+++ b/docs/reference/ilm/apis/delete-lifecycle.asciidoc
@@ -31,7 +31,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-cluster-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` cluster privilege to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/explain.asciidoc b/docs/reference/ilm/apis/explain.asciidoc
index fb8d669f70e52..3854981794999 100644
--- a/docs/reference/ilm/apis/explain.asciidoc
+++ b/docs/reference/ilm/apis/explain.asciidoc
@@ -32,7 +32,9 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-index-mgt-privilege.asciidoc[]
+You must have the `view_index_metadata` or `manage_ilm` or both privileges on the indices
+being managed to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/get-status.asciidoc b/docs/reference/ilm/apis/get-status.asciidoc
index a2c1a1ade99f9..59557e8fbeee2 100644
--- a/docs/reference/ilm/apis/get-status.asciidoc
+++ b/docs/reference/ilm/apis/get-status.asciidoc
@@ -27,7 +27,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-cluster-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` or `read_ilm` or both cluster privileges to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/ilm-cluster-mgt-privilege.asciidoc b/docs/reference/ilm/apis/ilm-cluster-mgt-privilege.asciidoc
deleted file mode 100644
index eef1433a9c055..0000000000000
--- a/docs/reference/ilm/apis/ilm-cluster-mgt-privilege.asciidoc
+++ /dev/null
@@ -1,2 +0,0 @@
-You must have the cluster `manage` privilege to use this API.
-For more information, see {stack-ov}/security-privileges.html[Security Privileges].
diff --git a/docs/reference/ilm/apis/ilm-index-mgt-privilege.asciidoc b/docs/reference/ilm/apis/ilm-index-mgt-privilege.asciidoc
deleted file mode 100644
index c2a3e3fddb5c0..0000000000000
--- a/docs/reference/ilm/apis/ilm-index-mgt-privilege.asciidoc
+++ /dev/null
@@ -1,2 +0,0 @@
-You must have the `manage` privilege on the indices being managed to use this API.
-For more information, see {stack-ov}/security-privileges.html[Security Privileges].
diff --git a/docs/reference/ilm/apis/move-to-step.asciidoc b/docs/reference/ilm/apis/move-to-step.asciidoc
index e265761fc328a..ca1c825772a80 100644
--- a/docs/reference/ilm/apis/move-to-step.asciidoc
+++ b/docs/reference/ilm/apis/move-to-step.asciidoc
@@ -40,7 +40,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-index-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` privileges on the indices being managed to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/put-lifecycle.asciidoc b/docs/reference/ilm/apis/put-lifecycle.asciidoc
index c436c8d4b6201..0e4cb3ea8af35 100644
--- a/docs/reference/ilm/apis/put-lifecycle.asciidoc
+++ b/docs/reference/ilm/apis/put-lifecycle.asciidoc
@@ -33,7 +33,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-cluster-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` cluster privilege to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/remove-policy-from-index.asciidoc b/docs/reference/ilm/apis/remove-policy-from-index.asciidoc
index b44bb850261be..e0e9bf3280db8 100644
--- a/docs/reference/ilm/apis/remove-policy-from-index.asciidoc
+++ b/docs/reference/ilm/apis/remove-policy-from-index.asciidoc
@@ -31,7 +31,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-cluster-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` privileges on the indices being managed to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/retry-policy.asciidoc b/docs/reference/ilm/apis/retry-policy.asciidoc
index 7052546ce6a7b..d2dbd964aa526 100644
--- a/docs/reference/ilm/apis/retry-policy.asciidoc
+++ b/docs/reference/ilm/apis/retry-policy.asciidoc
@@ -31,7 +31,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-index-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` privileges on the indices being managed to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/start.asciidoc b/docs/reference/ilm/apis/start.asciidoc
index f5c29bf84eaed..a739ebb71da12 100644
--- a/docs/reference/ilm/apis/start.asciidoc
+++ b/docs/reference/ilm/apis/start.asciidoc
@@ -26,7 +26,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-cluster-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` cluster privilege to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/stop.asciidoc b/docs/reference/ilm/apis/stop.asciidoc
index eaefb7783cadb..a33b945d53717 100644
--- a/docs/reference/ilm/apis/stop.asciidoc
+++ b/docs/reference/ilm/apis/stop.asciidoc
@@ -31,7 +31,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-cluster-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` cluster privilege to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 

From 7f4187de0728109b617992d1b24d96b6d4519bf4 Mon Sep 17 00:00:00 2001
From: Tal Levy <jubboy333@gmail.com>
Date: Tue, 18 Dec 2018 07:04:34 -0800
Subject: [PATCH 2/2] update

---
 docs/reference/ilm/apis/get-lifecycle.asciidoc | 3 ++-
 docs/reference/ilm/apis/put-lifecycle.asciidoc | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/reference/ilm/apis/get-lifecycle.asciidoc b/docs/reference/ilm/apis/get-lifecycle.asciidoc
index c2c76650eeae3..9603da9cd64b3 100644
--- a/docs/reference/ilm/apis/get-lifecycle.asciidoc
+++ b/docs/reference/ilm/apis/get-lifecycle.asciidoc
@@ -31,7 +31,8 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-include::ilm-cluster-mgt-privilege.asciidoc[]
+You must have the `manage_ilm` or `read_ilm` or both cluster privileges to use this API.
+For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples
 
diff --git a/docs/reference/ilm/apis/put-lifecycle.asciidoc b/docs/reference/ilm/apis/put-lifecycle.asciidoc
index 0e4cb3ea8af35..3f15e6d2c32b5 100644
--- a/docs/reference/ilm/apis/put-lifecycle.asciidoc
+++ b/docs/reference/ilm/apis/put-lifecycle.asciidoc
@@ -33,7 +33,10 @@ include::{docdir}/rest-api/timeoutparms.asciidoc[]
 
 ==== Authorization
 
-You must have the `manage_ilm` cluster privilege to use this API.
+You must have the `manage_ilm` cluster privilege to use this API. You must
+also have the `manage` index privilege on all indices being managed by `policy`.
+All operations executed by {Ilm} for a policy are executed as the user that
+put the latest version of a policy.
 For more information, see {stack-ov}/security-privileges.html[Security Privileges].
 
 ==== Examples