From 544ff2431eeb55ccbb1110a49ba97fb2350ed3d6 Mon Sep 17 00:00:00 2001
From: eugene7421 <158471256+eugene7421@users.noreply.github.com>
Date: Tue, 5 Mar 2024 20:01:07 +0000
Subject: [PATCH] Updated index permissions as per customer request #20230726 (#6404)

* I updated index permissions as per customer request

Signed-off-by: eugene7421

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* fixing datadog issues

Signed-off-by: leanne.laceybyrne@eliatra.com

* fix more links

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Update URL structure.

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* reviewdog issues amended

Signed-off-by: leanne.laceybyrne@eliatra.com

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Update permissions.md

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

---------

Signed-off-by: eugene7421
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: leanne.laceybyrne@eliatra.com
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: leanne.laceybyrne@eliatra.com
---
 _security/access-control/permissions.md | 152 ++++++++++++------------
 1 file changed, 78 insertions(+), 74 deletions(-)

diff --git a/_security/access-control/permissions.md b/_security/access-control/permissions.md
index 60939612fd..226eb259c7 100644
--- a/_security/access-control/permissions.md
+++ b/_security/access-control/permissions.md
@@ -380,80 +380,84 @@ See [Index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/). These permissions apply to an index or index pattern. You might want a user to have read access to all indexes (that is, `*`), but write access to only a few (for example, `web-logs` and `product-catalog`). -- indices:admin/aliases -- indices:admin/aliases/get -- indices:admin/analyze -- indices:admin/cache/clear -- indices:admin/close -- indices:admin/close* -- indices:admin/create (create indexes) -- indices:admin/data_stream/create -- indices:admin/data_stream/delete -- indices:admin/data_stream/get -- indices:admin/delete (delete indexes) -- indices:admin/exists -- indices:admin/flush -- indices:admin/flush* -- indices:admin/forcemerge -- indices:admin/get (retrieve index and mapping) -- indices:admin/mapping/put -- indices:admin/mappings/fields/get -- indices:admin/mappings/fields/get* -- indices:admin/mappings/get -- indices:admin/open -- indices:admin/plugins/replication/index/setup/validate -- indices:admin/plugins/replication/index/start -- indices:admin/plugins/replication/index/pause -- indices:admin/plugins/replication/index/resume -- indices:admin/plugins/replication/index/stop -- indices:admin/plugins/replication/index/update -- indices:admin/plugins/replication/index/status_check -- indices:admin/refresh -- indices:admin/refresh* -- indices:admin/resolve/index -- indices:admin/rollover -- indices:admin/seq_no/global_checkpoint_sync -- indices:admin/settings/update -- indices:admin/shards/search_shards -- indices:admin/template/delete -- indices:admin/template/get -- indices:admin/template/put -- indices:admin/upgrade -- indices:admin/validate/query -- indices:data/read/explain -- indices:data/read/field_caps -- indices:data/read/field_caps* -- indices:data/read/get -- indices:data/read/mget -- indices:data/read/mget* -- indices:data/read/msearch -- indices:data/read/msearch/template -- indices:data/read/mtv (multi-term vectors) -- 
indices:data/read/mtv* -- indices:data/read/plugins/replication/file_chunk -- indices:data/read/plugins/replication/changes -- indices:data/read/scroll -- indices:data/read/scroll/clear -- indices:data/read/search -- indices:data/read/search* -- indices:data/read/search/template -- indices:data/read/tv (term vectors) -- indices:data/write/bulk -- indices:data/write/bulk* -- indices:data/write/delete (delete documents) -- indices:data/write/delete/byquery -- indices:data/write/plugins/replication/changes -- indices:data/write/index (add documents to existing indexes) -- indices:data/write/reindex -- indices:data/write/update -- indices:data/write/update/byquery -- indices:monitor/data_stream/stats -- indices:monitor/recovery -- indices:monitor/segments -- indices:monitor/settings/get -- indices:monitor/shard_stores -- indices:monitor/stats -- indices:monitor/upgrade + +| Permission | Description | +| --- | --- | +| `indices:admin/aliases` | Permissions for [index aliases]({{site.url}}{{site.baseurl}}/im-plugin/index-alias/). | +| `indices:admin/aliases/get` | Permission to get [index aliases]({{site.url}}{{site.baseurl}}/im-plugin/index-alias/). | +| `indices:admin/analyze` | Permission to use the [Analyze API]({{site.url}}{{site.baseurl}}/api-reference/analyze-apis/). | +| `indices:admin/cache/clear` | Permission to [clear cache]({{site.url}}{{site.baseurl}}/api-reference/index-apis/clear-index-cache/). | +| `indices:admin/close` | Permission to [close an index]({{site.url}}{{site.baseurl}}/api-reference/index-apis/close-index/). | +| `indices:admin/close*` | Permission to [close an index]({{site.url}}{{site.baseurl}}/api-reference/index-apis/close-index/). | +| `indices:admin/create` | Permission to [create indexes]({{site.url}}{{site.baseurl}}/api-reference/index-apis/create-index/). | +| `indices:admin/data_stream/create` | Permission to create [data streams]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/datastream/#creating-a-data-stream). 
| +| `indices:admin/data_stream/delete` | Permission to [delete data streams]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/datastream/#deleting-a-data-stream). | +| `indices:admin/data_stream/get` | Permission to [get data streams]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/datastream/#viewing-a-data-stream). | +| `indices:admin/delete` | Permission to [delete indexes]({{site.url}}{{site.baseurl}}/api-reference/index-apis/delete-index/). | +| `indices:admin/exists` | Permission to use [exists query]({{site.url}}{{site.baseurl}}/query-dsl/term/exists/). | +| `indices:admin/flush` | Permission to [flush an index]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/index-management/#flushing-an-index). | +| `indices:admin/flush*` | Permission to [flush an index]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/index-management/#flushing-an-index). | +| `indices:admin/forcemerge` | Permission to force merge indexes and data streams. | +| `indices:admin/get` | Permission to get index and mapping. | +| `indices:admin/mapping/put` | Permission to add new mappings and fields to an index. | +| `indices:admin/mappings/fields/get` | Permission to get mappings fields. | +| `indices:admin/mappings/fields/get*` | Permission to get mappings fields. | +| `indices:admin/mappings/get` | Permission to [get mappings]({{site.url}}{{site.baseurl}}/security-analytics/api-tools/mappings-api/#get-mappings). | +| `indices:admin/open` | Permission to [open an index]({{site.url}}{{site.baseurl}}/api-reference/index-apis/open-index/). | +| `indices:admin/plugins/replication/index/setup/validate` | Permission to validate a connection to a [remote cluster]({{site.url}}{{site.baseurl}}/tuning-your-cluster/replication-plugin/getting-started/#set-up-a-cross-cluster-connection). 
| +| `indices:admin/plugins/replication/index/start` | Permission to [start cross-cluster replication]({{site.url}}{{site.baseurl}}/tuning-your-cluster/replication-plugin/getting-started/#start-replication). | +| `indices:admin/plugins/replication/index/pause` | Permission to pause cross-cluster replication. | +| `indices:admin/plugins/replication/index/resume` | Permission to resume cross-cluster replication. | +| `indices:admin/plugins/replication/index/stop` | Permission to stop cross-cluster replication. | +| `indices:admin/plugins/replication/index/update` | Permission to update cross-cluster replication settings. | +| `indices:admin/plugins/replication/index/status_check` | Permission to check the status of cross-cluster replication. | +| `indices:admin/refresh` | Permission to use the [index refresh API]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/index-management/#refreshing-an-index). | +| `indices:admin/refresh*` | Permission to use the index refresh API. | +| `indices:admin/resolve/index` | Permission to resolve index names, index aliases and data streams. | +| `indices:admin/rollover` | Permission to perform [index rollover]({{site.url}}{{site.baseurl}}/dashboards/im-dashboards/rollover/). | +| `indices:admin/seq_no/global_checkpoint_sync` | Permission to perform a global checkpoint sync. | +| `indices:admin/settings/update` | Permission to [update index settings]({{site.url}}{{site.baseurl}}/api-reference/index-apis/update-settings/). | +| `indices:admin/shards/search_shards` | Permission to perform [cross cluster search]({{site.url}}{{site.baseurl}}/security/access-control/cross-cluster-search/). | +| `indices:admin/template/delete` | Permission to [delete index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#delete-a-template). | +| `indices:admin/template/get` | Permission to [get index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#retrieve-a-template). 
| +| `indices:admin/template/put` | Permission to [create index templates]({{site.url}}{{site.baseurl}}/im-plugin/index-templates/#create-a-template). | +| `indices:admin/upgrade` | Permission for administrators to perform upgrades. | +| `indices:admin/validate/query` | Permission to validate a specific query. | +| `indices:data/read/explain` | Permission to run the [Explain API]({{site.url}}{{site.baseurl}}/api-reference/explain/). | +| `indices:data/read/field_caps` | Permission to run the [Field Capabilities API]({{site.url}}{{site.baseurl}}/field-types/supported-field-types/alias/#using-aliases-in-field-capabilities-api-operations). | +| `indices:data/read/field_caps*` | Permission to run the Field Capabilities API. | +| `indices:data/read/get` | Permission to read index data. | +| `indices:data/read/mget` | Permission to run [multiple GET operations]({{site.url}}{{site.baseurl}}/api-reference/document-apis/multi-get/) in one request. | +| `indices:data/read/mget*` | Permission to run multiple GET operations in one request. | +| `indices:data/read/msearch` | Permission to run [multiple search]({{site.url}}{{site.baseurl}}/api-reference/multi-search/) requests into a single request. | +| `indices:data/read/msearch/template` | Permission to bundle [multiple search templates]({{site.url}}{{site.baseurl}}/api-reference/search-template/#multiple-search-templates) and send them to your OpenSearch cluster in a single request. | +| `indices:data/read/mtv` | Permission to retrieve multiple term vectors with a single request. | +| `indices:data/read/mtv*` | Permission to retrieve multiple term vectors with a single request. | +| `indices:data/read/plugins/replication/file_chunk` | Permission to check files during segment replication. | +| `indices:data/read/plugins/replication/changes` | Permission to make changes to segment replication settings. | +| `indices:data/read/scroll` | Permission to scroll data. 
| +| `indices:data/read/scroll/clear` | Permission to clear read scroll data. | +| `indices:data/read/search` | Permission to [search]({{site.url}}{{site.baseurl}}/api-reference/search/) data.| +| `indices:data/read/search*` | Permission to search data. | +| `indices:data/read/search/template` | Permission to read a search template. | +| `indices:data/read/tv` | Permission to retrieve information and statistics for terms in the fields of a particular document. | +| `indices:data/write/bulk` | Permission to run a [bulk]({{site.url}}{{site.baseurl}}/api-reference/document-apis/bulk/) request. | +| `indices:data/write/bulk*` | Permission to run a bulk request. | +| `indices:data/write/delete` | Permission to [delete documents]({{site.url}}{{site.baseurl}}/api-reference/document-apis/delete-document/). | +| `indices:data/write/delete/byquery` | Permission to delete all documents that [match a query]({{site.url}}{{site.baseurl}}/api-reference/document-apis/delete-by-query/). | +| `indices:data/write/plugins/replication/changes` | | +| `indices:data/write/index` | Permission to add documents to existing indexes. See also [Index document]( {{site.url}}{{site.baseurl}}/api-reference/document-apis/index-document/ ) | +| `indices:data/write/reindex` | Permission to run a [reindex]({{site.url}}{{site.baseurl}}/im-plugin/reindex-data/). | +| `indices:data/write/update` | Permission to update an index. | +| `indices:data/write/update/byquery` | Permission to run the script to update all of the documents that [match the query]({{site.url}}{{site.baseurl}}/api-reference/document-apis/update-by-query/). | +| `indices:monitor/data_stream/stats` | Permission to stream stats. | +| `indices:monitor/recovery` | Permission to access recovery stats. | +| `indices:monitor/segments` | Permission to access segment stats. | +| `indices:monitor/settings/get` | Permission to get mointor settings. | +| `indices:monitor/shard_stores` | Permission to access shard store stats. 
| +| `indices:monitor/stats` | Permission to access monitoring stats. | +| `indices:monitor/upgrade` | Permission to access upgrade stats. | + ## Security REST permissions
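
Review bot: The added row for `indices:data/write/plugins/replication/changes` has an empty Description cell, and the row for `indices:data/read/plugins/replication/changes` describes a `data/read` action as "Permission to make changes to segment replication settings" while the `indices:admin/plugins/replication/index/*` rows in the same table all refer to cross-cluster replication. Both rows need an accurate description before merge, because operators build least-privilege roles from this table and a blank or misleading cell invites granting the action without knowing what it allows. Smaller points in the same table: "mointor" in the `indices:monitor/settings/get` row should be "monitor"; the `indices:data/write/index` link is written with spaces inside the parentheses, which can stop it from rendering as a link, and that cell lacks a closing period; the `indices:data/read/search` cell is missing the space before its closing `|`. Two descriptions are also worth checking against the action they name: `indices:admin/exists` sits in the `admin` namespace but links to the `query-dsl/term/exists` page, and `indices:data/write/update` is described as "Permission to update an index" although it is a `data/write` action.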