diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index d995bc0e1f..3208391c27 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -167,12 +167,12 @@ PUT :/api/security/role/custom_reporting_user If you are using an external identity provider, such as LDAP or Active Directory, you can assign roles to individual users or groups of users. Role mappings are configured in [`config/role_mapping.yml`](/deploy-manage/users-roles/cluster-or-deployment-auth/mapping-users-groups-to-roles.md). -For example, assign the `kibana_admin` and `reporting_user` roles to the Bill Murray user: +For example, assign the `kibana_admin` and `custom_reporting_user` roles to the Bill Murray user: ```yaml kibana_admin: - "cn=Bill Murray,dc=example,dc=com" -reporting_user: +custom_reporting_user: - "cn=Bill Murray,dc=example,dc=com" ``` diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md b/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md index 49c0e3db44..494d262fd7 100644 --- a/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md +++ b/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md @@ -115,8 +115,10 @@ $$$built-in-roles-remote-monitoring-agent$$$ `remote_monitoring_agent` $$$built-in-roles-remote-monitoring-collector$$$ `remote_monitoring_collector` : Grants the minimum privileges required to collect monitoring data for the {{stack}}. -$$$built-in-roles-reporting-user$$$ `reporting_user` -: Grants the necessary privileges required to use {{reporting}} features in {{kib}}, including generating and downloading reports. This role implicitly grants access to all {{kib}} reporting features, with each user having access only to their own reports. Note that reporting users should also be assigned additional roles that grant read access to the [indices](/deploy-manage/users-roles/cluster-or-deployment-auth/role-structure.md#roles-indices-priv) that will be used to generate reports. +$$$built-in-roles-reporting-user$$$ `reporting_user` {applies_to}`stack: deprecated 9.0` +: This role is deprecated. Use [{{kib}} feature privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges) instead. + + Grants the necessary privileges required to use {{reporting}} features in {{kib}}, including generating and downloading reports. This role implicitly grants access to all {{kib}} reporting features, with each user having access only to their own reports. Note that reporting users should also be assigned additional roles that grant read access to the [indices](/deploy-manage/users-roles/cluster-or-deployment-auth/role-structure.md#roles-indices-priv) that will be used to generate reports. $$$built-in-roles-rollup-admin$$$ `rollup_admin` : Grants `manage_rollup` cluster privileges, which enable you to manage and execute all rollup actions. diff --git a/troubleshoot/elasticsearch/remote-clusters.md b/troubleshoot/elasticsearch/remote-clusters.md index 043c819fb6..c8ad492d26 100644 --- a/troubleshoot/elasticsearch/remote-clusters.md +++ b/troubleshoot/elasticsearch/remote-clusters.md @@ -227,7 +227,7 @@ If the anonymous user does not the have necessary privileges to make a connectio ```txt org.elasticsearch.transport.RemoteTransportException: [remote-node][192.168.0.42:9309][cluster:internal/remote_cluster/handshake] -Caused by: org.elasticsearch.ElasticsearchSecurityException: action [cluster:internal/remote_cluster/handshake] is **unauthorized** for user [anonymous_foo] with effective roles [reporting_user], this action is granted by the cluster privileges [cross_cluster_search,cross_cluster_replication,manage,all] +Caused by: org.elasticsearch.ElasticsearchSecurityException: action [cluster:internal/remote_cluster/handshake] is **unauthorized** for user [anonymous_foo] with effective roles [kibana_admin], this action is granted by the cluster privileges [cross_cluster_search,cross_cluster_replication,manage,all] ``` If the anonymous user has necessary privileges, for example it is a superuser, the local cluster logs `requires channel profile to be [_remote_cluster], but got [default]`: