Skip to content

Commit 82aabdd

Browse files
kaituokaituo
committed
Update forecast roles and permissions
The forecast_read_access and forecast_full_access roles in config/roles.yml have been updated with the correct permissions for the forecasting feature. Forecasting system indices have been added in https://github.com/opensearch-project/anomaly-detection/blob/main/src/main/java/org/opensearch/timeseries/TimeSeriesAnalyticsPlugin.java#L1722 Signed-off-by: Kaituo Li <kaituo@amazon.com>
1 parent b25deca commit 82aabdd

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

config/roles.yml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -492,3 +492,45 @@ search_relevance_read_access:
492492
- 'cluster:admin/opensearch/search_relevance/judgment/get'
493493
- 'cluster:admin/opensearch/search_relevance/queryset/get'
494494
- 'cluster:admin/opensearch/search_relevance/search_configuration/get'
495+
496+
# Allow users to read Forecast resources
497+
forecast_read_access:
498+
reserved: true
499+
cluster_permissions:
500+
- 'cluster:admin/plugin/forecast/forecasters/info'
501+
- 'cluster:admin/plugin/forecast/forecasters/search'
502+
- 'cluster:admin/plugin/forecast/forecasters/get'
503+
- 'cluster:admin/plugin/forecast/result/topForecasts'
504+
- 'cluster:admin/plugin/forecast/forecaster/stats'
505+
- 'cluster:admin/plugin/forecast/tasks/search'
506+
- 'cluster:admin/plugin/forecast/forecaster/validate'
507+
- 'cluster:admin/plugin/forecast/forecaster/suggest'
508+
- 'cluster:admin/plugin/forecast/forecaster/info'
509+
index_permissions:
510+
- index_patterns:
511+
- 'opensearch-forecast-result*'
512+
allowed_actions:
513+
- 'indices:data/read*'
514+
- 'indices:admin/mappings/fields/get*'
515+
- 'indices:admin/resolve/index'
516+
517+
# Allows users to use all Forecasting functionality
518+
forecast_full_access:
519+
reserved: true
520+
cluster_permissions:
521+
- 'cluster:admin/plugin/forecast/*'
522+
- 'cluster:admin/settings/update'
523+
index_permissions:
524+
- index_patterns:
525+
- '*'
526+
allowed_actions:
527+
- 'indices:data/read*'
528+
- 'indices:admin/aliases/get'
529+
- 'indices:admin/mappings/fields/get*'
530+
- 'indices:admin/resolve/index'
531+
- 'indices:data/write*'
532+
- 'indices:data/read/field_caps*'
533+
- 'indices:data/read/search'
534+
- 'indices:admin/mapping/put'
535+
- 'indices:admin/mapping/get'
536+
- 'indices_monitor'

0 commit comments

Comments
 (0)