@@ -246,3 +246,47 @@ snapshot_management_read_access:
246246 - ' cluster:admin/opensearch/snapshot_management/policy/explain'
247247 - ' cluster:admin/repository/get'
248248 - ' cluster:admin/snapshot/get'
249+
250+ # Allows user to use point in time functionality
251+ point_in_time_full_access :
252+ reserved : true
253+ index_permissions :
254+ - index_patterns :
255+ - ' *'
256+ allowed_actions :
257+ - ' manage_point_in_time'
258+
259+ # Allows users to see security analytics detectors and others
260+ security_analytics_read_access :
261+ reserved : true
262+ cluster_permissions :
263+ - ' cluster:admin/opensearch/securityanalytics/alerts/get'
264+ - ' cluster:admin/opensearch/securityanalytics/detector/get'
265+ - ' cluster:admin/opensearch/securityanalytics/detector/search'
266+ - ' cluster:admin/opensearch/securityanalytics/findings/get'
267+ - ' cluster:admin/opensearch/securityanalytics/mapping/get'
268+ - ' cluster:admin/opensearch/securityanalytics/mapping/view/get'
269+ - ' cluster:admin/opensearch/securityanalytics/rule/get'
270+ - ' cluster:admin/opensearch/securityanalytics/rule/search'
271+
272+ # Allows users to use all security analytics functionality
273+ security_analytics_full_access :
274+ reserved : true
275+ cluster_permissions :
276+ - ' cluster:admin/opensearch/securityanalytics/alerts/*'
277+ - ' cluster:admin/opensearch/securityanalytics/detector/*'
278+ - ' cluster:admin/opensearch/securityanalytics/findings/*'
279+ - ' cluster:admin/opensearch/securityanalytics/mapping/*'
280+ - ' cluster:admin/opensearch/securityanalytics/rule/*'
281+ index_permissions :
282+ - index_patterns :
283+ - ' *'
284+ allowed_actions :
285+ - ' indices:admin/mapping/put'
286+ - ' indices:admin/mappings/get'
287+
288+ # Allows users to view and acknowledge alerts
289+ security_analytics_ack_alerts :
290+ reserved : true
291+ cluster_permissions :
292+ - ' cluster:admin/opensearch/securityanalytics/alerts/*'
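Review bot: `security_analytics_full_access` pairs `indices:admin/mapping/put` with the index pattern `*`, so anyone mapped to this reserved role can change field mappings on every index in the cluster, not only the indices that security analytics works with. If the plugin really needs that breadth, the role comment should say so, for example `# Grants mapping put/get on ALL indices (<reason>); assign sparingly`; otherwise the pattern should be narrowed to the log-source indices. A smaller version of the same point applies to `security_analytics_ack_alerts`: its comment promises view and acknowledge, but `alerts/*` matches every alerts action, including any added later. Listing the specific actions there would keep the role at what its name says.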