Short time reader, first time caller...
I am new to Elasticsearch and I am stumbling around. I am following the best practice of creating separate spaces for different user groups. For example I have a space for my networking team and another for my security team. I understand how to create the roles and utilize role mappings. What I am struggling with is how to identify what Elasticsearch privileges are needed for different apps. I am not talking about Kibana privilege's.
For example, I want to allow my network team access to Observability Metrics. Currently they can see the squares representing the systems but they cannot view the data. How do I determine what permissions are needed to allow read access?
I have searched the documentation and sometimes I do find information describing what permissions are needed but not all cases. Can I use dev tools to determine what permissions an app needs so I can grant those permissions to an individual or role? Can someone give an example of that process?