Watcher is getting http status code [401]

Hi, does anyone have the sample role configuration for watcher roles with shield. I can not see anywhere in the elasticsearch documentation the roles to be added for watcher in roles.yml. Very less information is available.
I installed shield first and then watcher. Ideally even though I installed watcher later the shield should have created the default roles in roles.yml but it didn't add any role. I tried to add the role 'watcher_admin' in the roles.yml file then created the user '_watcher_user' and make it admin in esusers realm but still getting 401 error while executing a watch.

Role added in roles.yml:
cluster: manage_watcher

User added:
./bin/shield/esusers useradd _watcher_user -p password -r watcher_admin

Nevermind, I think I resolved the issue.

What was the issue?

Can you share what the issue was? I too am getting 401 errs even though i have same watcher role, have a user mapped to that role, and create my watchess with that user. Also tried using the __watcher_user (adding to es realm, mapping to role, and creating watches with that id), since that id was highlighted in the Watcher docs. Neither method works. THks!