Securing Beats docs unclear for Elastic Cloud users

[adriansr]

For confirmed bugs, please report:

• Version: 6.4.2
• Operating System: not applicable
• Discuss Forum URL: https://discuss.elastic.co/t/elasticsearch-permissions-required-by-filebeat/155185/3
• Steps to Reproduce:

User in above discuss link faced some trouble when following the docs for Securing Beats.

Docs for step 4, Set the password for the beats_system built-in user, make reference to a beats_system user that doesn't exist in Elastic Cloud. (A role beats_system exists, though).

User faced further problems due to this:

2018-11-02T18:03:21.874Z        ERROR   pipeline/output.go:121  Failed to publish 
events: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception",
"reason":"action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user
 [filebeat]"}],"type":"security_exception","reason":"action 
[cluster:admin/xpack/monitoring/bulk] is unauthorized for user [filebeat]"},
"status":403}

This problem went away when adding the role beats_system to the user that was used by Filebeat.

[alastairs]

I just hit this issue myself. Please can the docs be updated to reflect this? It would also be really helpful if the log messages reference the privileges required to perform the action. The docs don't mention the string cluster:admin/xpack/monitoring/bulk anywhere so matching this information to find the required privileges or roles is nigh-on impossible.

I feel that there's been an overall decline in quality of the docs in the v7.x lifecycle, whereas the v6.x docs were adequate. I spent the entirety of yesterday fighting and fixing issues that arose as a result of inaccurate or incomplete docs.

[dedemorton]

Closed by #14028.