What is the best set of privileges for non-admin kibana user?

I've had advice on and seen postings that list different sets of privileges for the average kibana end-user but we're still getting errors which I'm sure are related to an incorrect set of privileges.

https://www.elastic.co/guide/en/shield/current/defining-roles.html states:

# Only read operations on indices named events_*
      privileges: read

https://www.elastic.co/guide/en/shield/current/_granting_privileges_for_specific_actions.html lists privileges for specific index actions.

https://www.elastic.co/guide/en/shield/current/kibana.html lists the privileges for a kibana user as a list of those actions.

What is the 'best' set for the following (I think obvious) use-case for a new non-admin kibana user to have granted to them:

  • Login (to Discover page)
  • Navigate to the Dashboard page
  • Open a pre-made dashboard with a set of visualizations based on their index-pattern
  • Create, edit and delete visualizations based on their index-pattern

Is this correct:

      - cluster:monitor/nodes/info
      - cluster:monitor/health
      - indices:admin/mappings/fields/get
      - indices:admin/validate/query
      - indices:data/read/search
      - indices:data/read/msearch
      - indices:admin/get
      - indices:admin/create
      - indices:admin/exists
      - indices:admin/mapping/put
      - indices:admin/mappings/fields/get
      - indices:admin/refresh
      - indices:admin/validate/query
      - indices:data/read/get
      - indices:data/read/mget
      - indices:data/read/search
      - indices:data/write/delete
      - indices:data/write/index
      - indices:data/write/update