Is there a way to change the default security roles?

I'm using the ODBC driver to connect Tableau to Elasticsearch and ran into this. Through trial and error, the user connected to the driver needs to have the manage role in order to pull in the "tables" from ES. I tried by giving only read and monitor privs for the indices, but Tableau couldn't find the names of the indices I needed with only those two.

Under the manage priv, it says it has:

All monitor privileges plus index administration (aliases, analyze, cache clear, close, delete, exists, flush, mapping, open, force merge, refresh, settings, search shards, templates, validate).

I'd love it if I could exclude the delete priv and keep the other ones open. Is there any way to do a custom one?

This is definitely a problem for anyone using the Tableau connector to ES and has users with different permission levels because they need to have this priv in order to make the connection to indices happen at all.

Hi @seanziee,

Have you seen this section of the docs https://www.elastic.co/guide/en/elasticsearch/reference/current/sql-security.html#sql-security-permissions ? It details the minimal role the user requires to use SQL/ODBC features.

Can you please try creating the following role:

curl -X POST "localhost:9200/_security/role/my_tableau_role?pretty" -H 'Content-Type: application/json' -d'
{
  "cluster": ["cluster:monitor/main"],
  "indices": [
    {
      "names": [ "indices-tableau-is-pulling-*" ],
      "privileges": ["read", "indices:admin/get"]
    }
  ]
}
'

And let us know if that worked for you?

No it didn't work, but I just got it to work with "read" and "view_index_metadata" for the index privs. Thanks for your help!