I've created a dedicated space for one of our development teams where they can create alert rules of type "Elasticsearch query" themselves. Therefore I also set up a role granting permissions for operating on those rules.
However, it's not possible to manually run the rules from the overview page as shown in the screenshots below.
My first guess was that the manual run would create a background task that needed further privileges.
But after some trial and error, where I ended up granting the role all space privileges and all cluster-/index-privileges, I figured out that only granting the superuser role to the test users fixes this issue.
This can definitely not be the proper way. So is this a bug?
Kind regards
Stack version: 8.6.1
This is the newly set up role:
{
  "MY_ROLE": {
    "cluster": [],
    "indices": [],
    "applications": [
      {
        "application": "kibana-.kibana",
        "privileges": [
          "feature_stackAlerts.all",
          "feature_actions.read",
          "feature_discover.all",
          "feature_dashboard.all",
          "feature_visualize.all",
          "feature_apm.all",
          "feature_dev_tools.all",
          "feature_advancedSettings.read",
          "feature_indexPatterns.all",
          "feature_savedObjectsManagement.all"
        ],
        "resources": [
          "space:MY_SPACE"
        ]
      }
    ],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }
  }
}
Another, additional role grants the user the following permissions:
{
  "ANOTHER_ROLE": {
    "cluster": [
      "manage_pipeline"
    ],
    "indices": [
      {
        "names": [
          "logs-*"
        ],
        "privileges": [
          "view_index_metadata",
          "read"
        ],
        "allow_restricted_indices": false
      },
      {
        "names": [
          "logs-apm*",
          ".ml-anomalies*",
          "traces-apm*",
          "observability-annotations",
          "metrics-apm*"
        ],
        "privileges": [
          "view_index_metadata",
          "read"
        ],
        "allow_restricted_indices": false
      }
    ],
    "run_as": [],
    "metadata": {
      "terraform_managed": true
    },
    "transient_metadata": {
      "enabled": true
    }
  }
}