diff --git a/docs/reference/ilm/getting-started-slm.asciidoc b/docs/reference/ilm/getting-started-slm.asciidoc index d76164de56fc6..5849101ffe6c3 100644 --- a/docs/reference/ilm/getting-started-slm.asciidoc +++ b/docs/reference/ilm/getting-started-slm.asciidoc @@ -8,6 +8,52 @@ hands-on scenario. The goal of this example is to automatically back up {es} indices using the <> every day at a particular time. +[float] +[[slm-and-security]] +=== Security and SLM +Before starting, it's important to understand the privileges that are needed +when configuring SLM if you are using the security plugin. There are two +built-in cluster privileges that can be used to assist: `manage_slm` and +`read_slm`. It's also good to note that the `create_snapshot` permission +allows taking snapshots even for indices the role may not have access to. + +An example of configuring an administrator role for SLM follows: + +[source,js] +----------------------------------- +POST /_security/role/slm-admin +{ + "cluster": ["manage_slm", "create_snapshot"], + "indices": [ + { + "names": [".slm-history-*"], + "privileges": ["all"] + } + ] +} +----------------------------------- +// CONSOLE +// TEST[skip:security is not enabled here] + +Or, for a read-only role that can retrieve policies (but not update, execute, or +delete them), as well as only view the history index: + +[source,js] +----------------------------------- +POST /_security/role/slm-read-only +{ + "cluster": ["read_slm"], + "indices": [ + { + "names": [".slm-history-*"], + "privileges": ["read"] + } + ] +} +----------------------------------- +// CONSOLE +// TEST[skip:security is not enabled here] + [float] [[slm-gs-create-policy]] === Setting up a repository @@ -166,4 +212,4 @@ by searching the index pattern `.slm-history*`. That's it! We have our first SLM policy set up to periodically take snapshots so that our backups are always up to date. You can read more details in the <> and the -<> \ No newline at end of file +<>
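Review bot: In the `slm-admin` example of the first hunk, `"privileges": ["all"]` on `.slm-history-*` grants more than the text justifies. The prose never says the administrator needs to write to or delete the history indices, so either narrow this to the privilege actually required (the `slm-read-only` role uses `"read"` on the same pattern) or add a sentence explaining why `all` is needed. In the same hunk, the sentence "the `create_snapshot` permission allows taking snapshots even for indices the role may not have access to" is the main security caveat of the section but is introduced as an aside with "It's also good to note". Consider giving it its own paragraph or an admonition next to the `slm-admin` role, which is the one that grants `create_snapshot`, and use "privilege" instead of "permission" to match the rest of the paragraph.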