I'm experimenting with ES 7.6 and securing the stack. I've spent a fair amount of time in the documents and have become familiar with the built-in users & roles. I've also tried creating my own roles and users to match likely use cases we'll have for our user base.
One thing I've come across that has me flustered is the sub-features within the Management feature in Kibana. We will likely require the ability to limit access so some or all of these features, but it's not clear how I figure out which combination of cluster and index privileges are required for each feature and the actions within them.
I've tried accessing the sub-features with an account that doesn't have privileges to them, and recorded the various error messages that are returned. Most of them reference "actions" that were attempted without permission, but I haven't been able to determine which privileges grant access to specific actions.
I'd be open to an easier approach to managing this type of access, but would be happy with a list of the actions and associated privileges, at least the ones related to the Management sub-features in Kibana.