[DOCS] Add the read_pipeline cluster privilege for winlogbeat and t…

…he `auto_configure` index privilege to beats documentation (#38534) * [DOCS] Removed reference to the Stack GS (#32119) * Update users.asciidoc Add the "read_pipeline" privilege for Winlogbeat too * [Docs] add auto_configure index privilege to the required permissions for beat agents * Update link that was broken --------- Co-authored-by: debadair <debadair@elastic.co> Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
elastic · May 9, 2024 · edf4568 · edf4568
1 parent 8664cae
commit edf4568
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/libbeat/docs/security/api-keys.asciidoc b/libbeat/docs/security/api-keys.asciidoc
@@ -33,7 +33,7 @@ POST /_security/api_key
       "index": [
         {
           "names": ["{beat_default_index_prefix}-*"],
-          "privileges": ["view_index_metadata", "create_doc"]
+          "privileges": ["view_index_metadata", "create_doc", "auto_configure"]
         }
       ]
     }

diff --git a/libbeat/docs/security/users.asciidoc b/libbeat/docs/security/users.asciidoc
@@ -233,8 +233,9 @@ To grant the required privileges:
 . Create a *writer role*, called something like +{beat_default_index_prefix}_writer+,
 that has the following privileges:
 +
-NOTE: The `monitor` cluster privilege and the `create_doc` privilege on
-+{beat_default_index_prefix}-*+ indices are required in every configuration.
+NOTE: The `monitor` cluster privilege and the `create_doc` and `auto_configure`
+privileges on +{beat_default_index_prefix}-*+ indices are required in every
+configuration.
 +
 [options="header"]
 |====
@@ -259,10 +260,24 @@ ifeval::["{beatname_lc}"=="filebeat"]
 |Check for ingest pipelines used by modules. Needed when using modules.
 endif::[]
 
+ifeval::["{beatname_lc}"=="winlogbeat"]
+|Cluster
+|`read_pipeline`
+|Check for ingest pipelines used by {beatname_uc}.
+endif::[]
+
 |Index
 |`create_doc` on +{beat_default_index_prefix}-*+ indices
 |Write events into {es}
+
+|Index
+|`auto_configure` on +{beat_default_index_prefix}-*+ indices
+|Update the datastream mapping. Consider either disabling entirely or adding the
+rule `-{beat_default_index_prefix}-*` to the cluster settings
+https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html#index-creation[action.auto_create_index]
+to prevent unwanted indices creations from the agents.
 |====
+
 ifndef::apm-server[]
 +
 Omit any privileges that aren't relevant in your environment.