From 82fb45eeb3cff8365d42eb3fe98459f207e3ddf7 Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 23 Nov 2018 09:57:16 -0800 Subject: [PATCH 1/2] [DOCS] Adds manage_token privilege --- docs/en/stack/security/authorization/privileges.asciidoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/en/stack/security/authorization/privileges.asciidoc b/docs/en/stack/security/authorization/privileges.asciidoc index 4f5d90588..defb1ae7d 100644 --- a/docs/en/stack/security/authorization/privileges.asciidoc +++ b/docs/en/stack/security/authorization/privileges.asciidoc @@ -43,9 +43,13 @@ or updated them. All operations on ingest pipelines. `manage_security`:: -All security related operations such as CRUD operations on users and roles and +All security-related operations such as CRUD operations on users and roles and cache clearing. +`manage_token`:: +All security-related operations on tokens that are generated by the {es} Token +Service. + `manage_watcher`:: All watcher operations, such as putting watches, executing, activate or acknowledging. + From 47acd521ebdec294df37bfa8ef769098795a28c0 Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 23 Nov 2018 10:02:51 -0800 Subject: [PATCH 2/2] [DOCS] Adds token privilege to kibana_system role --- .../stack/security/authorization/built-in-roles.asciidoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/en/stack/security/authorization/built-in-roles.asciidoc b/docs/en/stack/security/authorization/built-in-roles.asciidoc index d7fa3c40e..1203548e8 100644 --- a/docs/en/stack/security/authorization/built-in-roles.asciidoc +++ b/docs/en/stack/security/authorization/built-in-roles.asciidoc @@ -47,10 +47,10 @@ information, see [[built-in-roles-kibana-system]] `kibana_system` :: Grants access necessary for the {kib} system user to read from and write to the -{kib} indices, manage index templates, and check the availability of the {es} cluster. -This role grants read access to the `.monitoring-*` indices and read and write access -to the `.reporting-*` indices. For more information, see -{kibana-ref}/using-kibana-with-security.html[Configuring Security in {kib}]. +{kib} indices, manage index templates and tokens, and check the availability of +the {es} cluster. This role grants read access to the `.monitoring-*` indices +and read and write access to the `.reporting-*` indices. For more information, +see {kibana-ref}/using-kibana-with-security.html[Configuring Security in {kib}]. + NOTE: This role should not be assigned to users as the granted permissions may change between releases.