Skip to content

Commit ba1355f

Browse files
leemthompoleemthompo
committed
update roles and AI connector info
1 parent 72d5449 commit ba1355f

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

solutions/search/agent-builder/permissions.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ applies_to:
88
navigation_title: "Permissions & access control"
99
---
1010

11-
1211
# Permissions and access control in {{agent-builder}}
1312

1413
Use this page to learn how to configure security roles and API keys for Agent Builder. Understanding these privileges helps you control who can use agents, which tools they can access, and what data they can query.
@@ -33,7 +32,7 @@ Learn more about [{{kib}} privileges](/deploy-manage/users-roles/cluster-or-depl
3332

3433
Agent Builder requires cluster-level privileges for AI-powered query generation:
3534

36-
- `monitor_inference`: Required for agents to use AI-powered tools. The built-in tools `search` and `generate_esql`, as well as [index search tools](tools/index-search-tools.md), call the {{es}} Inference API to generate queries from natural language.
35+
- `monitor_inference`: Required when the agent uses an AI connector that calls the {{es}} Inference API (such as the Elastic default LLM or other AI connectors configured to use the Inference API). The built-in tools `search` and `generate_esql`, as well as [index search tools](tools/index-search-tools.md), use this API to generate queries from natural language. This privilege is not required when the agent uses other {{kib}} GenAI connectors.
3736

3837
Learn more about [cluster privileges](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html#privileges-list-cluster).
3938

@@ -50,6 +49,10 @@ Learn more about [index privileges](elasticsearch://reference/elasticsearch/secu
5049

5150
[Roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) are {{es}} security constructs that bundle together {{kib}} feature privileges and {{es}} privileges. To grant users access to Agent Builder, create a role that includes the required privileges.
5251

52+
:::{note}
53+
When configuring roles in the {{kib}} UI, Agent Builder privileges are currently located under the **Analytics** section, not the {{es}} section.
54+
:::
55+
5356
Example role for users who need full Agent Builder access:
5457

5558
```json

0 commit comments

Comments
 (0)