On my Elasticsearch 7.x cluster, the `beats_system` role has the index privileges
According to Security privileges | Elasticsearch Guide [7.17] | Elastic, roles with the index `create` privilege may:

> index documents, allowing overwriting any existing document, but not permitting updating one.
According to that same document, the index `create_doc` privilege does NOT allow for overwriting:

> Privilege to index new documents, without allowing overwriting or updating existing ones.
According to Grant privileges and roles needed for monitoring | Filebeat Reference [7.17] | Elastic, a user-made role (as an alternative to using the built-in `beats_system` role) should have the index

- Why does the built-in `beats_system` role have the index `create` privilege instead of the index
- How could I replace the index `create` privilege with the index `create_doc` privilege for the `beats_system` role? I am unable to update it because it's built in.
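
An added example, not part of the original post and not Elastic's code: since a built-in role cannot be edited, this sketch audits a role body for index privileges that permit overwriting and builds a user-made copy that grants `create_doc` instead of `create`. The sample role body, the role name `beats_monitoring_append_only` and the set of overwrite-capable privileges are assumptions made for illustration.

```python
import copy
import json

# Index privileges that let a client replace an existing document.
# Assumption: this set reflects the 7.17 "Security privileges" page cited above.
OVERWRITE_CAPABLE = {"create", "index", "write", "all"}

# Constructed sample role body, NOT a dump of the real beats_system role.
SAMPLE_ROLE = {
    "cluster": ["monitor"],
    "indices": [
        {"names": [".monitoring-beats-*"], "privileges": ["create_index", "create"]},
    ],
}


def overwrite_findings(role):
    """Return (index pattern, privilege) pairs that permit overwriting."""
    findings = []
    for entry in role.get("indices", []):
        for priv in entry.get("privileges", []):
            if priv in OVERWRITE_CAPABLE:
                findings.extend((name, priv) for name in entry.get("names", []))
    return findings


def append_only_clone(role):
    """Copy a role, swapping `create` for `create_doc`; other grants are kept."""
    clone = copy.deepcopy(role)
    for entry in clone.get("indices", []):
        swapped = ["create_doc" if p == "create" else p
                   for p in entry.get("privileges", [])]
        entry["privileges"] = list(dict.fromkeys(swapped))  # de-duplicate, keep order
    return clone


def put_role_request(name, role):
    """Build the create-or-update role API call for a user-made role."""
    return "PUT", f"/_security/role/{name}", json.dumps(role, indent=2)


if __name__ == "__main__":
    print("overwrite-capable grants:", overwrite_findings(SAMPLE_ROLE))
    hardened = append_only_clone(SAMPLE_ROLE)
    # Hypothetical role name; assign it to the monitoring user in place of the built-in role.
    method, path, body = put_role_request("beats_monitoring_append_only", hardened)
    print(method, path)
    print(body)
```

Privileges such as `index` or `write` are reported by `overwrite_findings` but left unchanged by `append_only_clone`, so a non-empty result on the clone means the role still needs manual review.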