From 90d88830d9d0b97b867bb878e4ecc990ee41e77b Mon Sep 17 00:00:00 2001
From: Andrew Cholakian
Date: Tue, 5 Mar 2019 15:46:43 -0600
Subject: [PATCH] Add role info to uptime docs
---
 docs/uptime/index.asciidoc | 1 +
 docs/uptime/security.asciidoc | 69 +++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 docs/uptime/security.asciidoc
diff --git a/docs/uptime/index.asciidoc b/docs/uptime/index.asciidoc
index b74595f413c45..3729f4460ad95 100644
--- a/docs/uptime/index.asciidoc
+++ b/docs/uptime/index.asciidoc
@@ -21,3 +21,4 @@ from Heartbeat 7.0.
 include::overview.asciidoc[]
 include::monitor.asciidoc[]
+include::security.asciidoc[]
diff --git a/docs/uptime/security.asciidoc b/docs/uptime/security.asciidoc
new file mode 100644
index 0000000000000..07337b9d17d11
--- /dev/null
+++ b/docs/uptime/security.asciidoc
@@ -0,0 +1,69 @@
+[role="xpack"]
+[[uptime-security]]
+
+== Use with Elasticsearch Security
+
+If you have Elasticsearch security enabled you'll need to enable certain privileges for users
+that would like to access the Uptime app. In this document we'll show an example of creating
+a user and support role to implement those privileges.
+
+=== Creating the Role
+
+You'll need a role that lets you access the Heartbeat indices, which by default are `heartbeat-*`.
+You can create this with the following request:
+
+["source","sh",subs="attributes,callouts"]
+---------------------------------------------------------------
+PUT /_security/role/uptime
+{ "indices" : [
+ {
+ "names" : [
+ "heartbeat-*"
+ ],
+ "privileges" : [
+ "read",
+ "view_index_metadata"
+ ],
+ "field_security" : {
+ "grant" : [
+ "*"
+ ]
+ },
+ "allow_restricted_indices" : false
+ }
+ ],
+ "applications" : [
+ {
+ "application" : "kibana-.kibana",
+ "privileges" : [
+ "all"
+ ],
+ "resources" : [
+ "*"
+ ]
+ }
+ ],
+ "transient_metadata" : {
+ "enabled" : true
+ }
+}
+---------------------------------------------------------------
+
+=== Creating the User
+
+You will then need to create a user with both the `kibana_user`, and `uptime` roles.
+You can do this with the following request.
+
+["source","sh",subs="attributes,callouts"]
+---------------------------------------------------------------
+PUT /_security/user/jacknich
+{
+ "password" : "j@rV1s",
+ "roles" : [ "uptime", "kibana_user" ],
+ "full_name" : "Jack Nicholson",
+ "email" : "jacknich@example.com",
+ "metadata" : {
+ "intelligence" : 7
+ }
+}
+---------------------------------------------------------------
\ No newline at end of file
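Review bot: The `uptime` role in the first request grants `"privileges" : [ "all" ]` on application `kibana-.kibana` for resources `*`, which is broader than the read access to `heartbeat-*` that the surrounding text says the role is for, and the user created below is also given `kibana_user`. If Kibana access is meant to come from `kibana_user`, the `applications` block could be dropped so that `uptime` stays a read-only index grant; whether the Uptime app still works without it should be confirmed before changing the example. The second request carries a literal password that readers are likely to paste unchanged, so a labelled placeholder such as `"password" : "<choose-a-strong-password>"` would be safer. The `transient_metadata` object looks like it was copied from a role GET response and is probably not needed in the PUT body.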