Skip to content

Commit 91fdcb5

Browse files
dakronedakrone
authored
Add a note mentioning the privileges needed for SLM (#43708)
* Add a note mentioning the privileges needed for SLM This adds a note to the top of the "getting started with SLM" documentation mentioning that there are two built-in privileges to assist with creating roles for SLM users and administrators. Relates to #38461 * Mention that you can create snapshots for indices you can't read
1 parent 1a9988e commit 91fdcb5

File tree

1 file changed

+47
-1
lines changed

1 file changed

+47
-1
lines changed

docs/reference/ilm/getting-started-slm.asciidoc

Lines changed: 47 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,52 @@ hands-on scenario. The goal of this example is to automatically back up {es}
88
indices using the <<modules-snapshots,snapshots>> every day at a particular
99
time.
1010

11+
[float]
12+
[[slm-and-security]]
13+
=== Security and SLM
14+
Before starting, it's important to understand the privileges that are needed
15+
when configuring SLM if you are using the security plugin. There are two
16+
built-in cluster privileges that can be used to assist: `manage_slm` and
17+
`read_slm`. It's also good to note that the `create_snapshot` permission
18+
allows taking snapshots even for indices the role may not have access to.
19+
20+
An example of configuring an administrator role for SLM follows:
21+
22+
[source,js]
23+
-----------------------------------
24+
POST /_security/role/slm-admin
25+
{
26+
"cluster": ["manage_slm", "create_snapshot"],
27+
"indices": [
28+
{
29+
"names": [".slm-history-*"],
30+
"privileges": ["all"]
31+
}
32+
]
33+
}
34+
-----------------------------------
35+
// CONSOLE
36+
// TEST[skip:security is not enabled here]
37+
38+
Or, for a read-only role that can retrieve policies (but not update, execute, or
39+
delete them), as well as only view the history index:
40+
41+
[source,js]
42+
-----------------------------------
43+
POST /_security/role/slm-read-only
44+
{
45+
"cluster": ["read_slm"],
46+
"indices": [
47+
{
48+
"names": [".slm-history-*"],
49+
"privileges": ["read"]
50+
}
51+
]
52+
}
53+
-----------------------------------
54+
// CONSOLE
55+
// TEST[skip:security is not enabled here]
56+
1157
[float]
1258
[[slm-gs-create-policy]]
1359
=== Setting up a repository
@@ -166,4 +212,4 @@ by searching the index pattern `.slm-history*`.
166212
That's it! We have our first SLM policy set up to periodically take snapshots
167213
so that our backups are always up to date. You can read more details in the
168214
<<snapshot-lifecycle-management-api,SLM API documentation>> and the
169-
<<modules-snapshots,general snapshot documentation.>>
215+
<<modules-snapshots,general snapshot documentation.>>

0 commit comments

Comments
 (0)