From aa393912a38d8fd824d0ba62a48ca33583e45cc1 Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]"
 <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Mon, 20 Feb 2023 10:44:56 -0600
Subject: [PATCH] Moved index_template permission to cluster section (#2964)
 (#2974)

* Moved index_template permission to cluster section

Moved index_template permissions from index section to cluster section to avoid confusion when generating roles

Signed-off-by: Fran Moya <33333527+FrcMoya@users.noreply.github.com>

* Update _security/access-control/permissions.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>

---------

Signed-off-by: Fran Moya <33333527+FrcMoya@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
(cherry picked from commit d22a5347736d80cb6386e8d934d290fb6b38ca99)

Co-authored-by: Fran Moya <33333527+FrcMoya@users.noreply.github.com>
---
 _security/access-control/permissions.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/_security/access-control/permissions.md b/_security/access-control/permissions.md
index bdfeaf3918..795e824348 100644
--- a/_security/access-control/permissions.md
+++ b/_security/access-control/permissions.md
@@ -178,6 +178,14 @@ These permissions are for the cluster and can't be applied granularly. For examp
 - cluster:monitor/task/get
 - cluster:monitor/tasks/list
 
+The following permissions are for indexes but apply globally to the cluster:
+
+- indices:admin/index_template/delete
+- indices:admin/index_template/get
+- indices:admin/index_template/put
+- indices:admin/index_template/simulate
+- indices:admin/index_template/simulate_index
+
 
 ## Index permissions
 
@@ -200,11 +208,6 @@ These permissions apply to an index or index pattern. You might want a user to h
 - indices:admin/flush*
 - indices:admin/forcemerge
 - indices:admin/get (retrieve index and mapping)
-- indices:admin/index_template/delete
-- indices:admin/index_template/get
-- indices:admin/index_template/put
-- indices:admin/index_template/simulate
-- indices:admin/index_template/simulate_index
 - indices:admin/mapping/put
 - indices:admin/mappings/fields/get
 - indices:admin/mappings/fields/get*