[DOCS] Add the read_pipeline cluster privilege for winlogbeat and the auto_configure index privilege to beats documentation (#38534)

herrBez · debadair · andrewkroh · web-flow · commit edf456889886 · 2024-05-09T16:47:38.000+02:00
* [DOCS] Removed reference to the Stack GS (#32119) * Update users.asciidoc Add the "read_pipeline" privilege for Winlogbeat too * [Docs] add auto_configure index privilege to the required permissions for beat agents * Update link that was broken --------- Co-authored-by: debadair <debadair@elastic.co> Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
diff --git a/libbeat/docs/security/api-keys.asciidoc b/libbeat/docs/security/api-keys.asciidoc
@@ -33,7 +33,7 @@ POST /_security/api_key
       "index": [
         {
           "names": ["{beat_default_index_prefix}-*"],
-          "privileges": ["view_index_metadata", "create_doc"]
+          "privileges": ["view_index_metadata", "create_doc", "auto_configure"]
         }
       ]
     }
diff --git a/libbeat/docs/security/users.asciidoc b/libbeat/docs/security/users.asciidoc
@@ -233,8 +233,9 @@ To grant the required privileges:
 . Create a *writer role*, called something like +{beat_default_index_prefix}_writer+,
 that has the following privileges:
 +
-NOTE: The `monitor` cluster privilege and the `create_doc` privilege on
-+{beat_default_index_prefix}-*+ indices are required in every configuration.
+NOTE: The `monitor` cluster privilege and the `create_doc` and `auto_configure`
+privileges on +{beat_default_index_prefix}-*+ indices are required in every
+configuration.
 +
 [options="header"]
 |====
@@ -259,10 +260,24 @@ ifeval::["{beatname_lc}"=="filebeat"]
 |Check for ingest pipelines used by modules. Needed when using modules.
 endif::[]
 
+ifeval::["{beatname_lc}"=="winlogbeat"]
+|Cluster
+|`read_pipeline`
+|Check for ingest pipelines used by {beatname_uc}.
+endif::[]
+
 |Index
 |`create_doc` on +{beat_default_index_prefix}-*+ indices
 |Write events into {es}
+
+|Index
+|`auto_configure` on +{beat_default_index_prefix}-*+ indices
+|Update the datastream mapping. Consider either disabling entirely or adding the
+rule `-{beat_default_index_prefix}-*` to the cluster settings
+https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html#index-creation[action.auto_create_index]
+to prevent unwanted indices creations from the agents.
 |====
+
 ifndef::apm-server[]
 +
 Omit any privileges that aren't relevant in your environment.

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ POST /_security/api_key`
`33`	`33`	`"index": [`
`34`	`34`	`{`
`35`	`35`	`"names": ["{beat_default_index_prefix}-*"],`
`36`		`- "privileges": ["view_index_metadata", "create_doc"]`
	`36`	`+ "privileges": ["view_index_metadata", "create_doc", "auto_configure"]`
`37`	`37`	`}`
`38`	`38`	`]`
`39`	`39`	`}`