elastic · yetanothertw · Sep 1, 2025 · Aug 28, 2025 · Aug 29, 2025 · Sep 1, 2025
@@ -72,7 +72,7 @@ For example, the following `role_descriptors` object defines a `books-read-only`
 }
 ```
 
-For the `role_descriptors` object schema, check out the [`/_security/api_key` endpoint](https://www.elastic.co/docs/api/doc/elasticsearch-serverless/operation/operation-security-create-api-key) docs. For supported privileges, check [Security privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices).
+For the `role_descriptors` object schema, check out the [`/_security/api_key` endpoint](https://www.elastic.co/docs/api/doc/elasticsearch-serverless/operation/operation-security-create-api-key) docs. For supported privileges, check [Security privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices).
 
 
 ## Update an API key [api-keys-update-an-api-key]

@@ -88,7 +88,7 @@ When security is enabled, you grant users access to {{report-features}} with [{{
         If you use index aliases, you must also grant `read` and `view_index_metadata` privileges to underlying indices to generate CSV reports.
         :::
 
-        For more information, refer to [Security privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md).
+        For more information, refer to [Security privileges](elasticsearch://reference/elasticsearch/security-privileges.md).
 
 3. Add the {{kib}} privileges.
 

@@ -30,8 +30,8 @@
 
 * To use {{kib}}'s **Snapshot and Restore** feature, you must have the following permissions:
 
-    * [Cluster privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster): `monitor`, `manage_slm`, `cluster:admin/snapshot`, and `cluster:admin/repository`
-    * [Index privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices): `all` on the `monitor` index
+    * [Cluster privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster): `monitor`, `manage_slm`, `cluster:admin/snapshot`, and `cluster:admin/repository`
+    * [Index privilege](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices): `all` on the `monitor` index
 
 * You can only take a snapshot from a running cluster with an elected [master node](../../distributed-architecture/clusters-nodes-shards/node-roles.md#master-node-role).
 * A snapshot repository must be [registered](self-managed.md) and available to the cluster.
@@ -63,7 +63,7 @@
 
 ### {{slm-init}} security [slm-security]
 
-The following [cluster privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster) control access to the {{slm-init}} actions when {{es}} {{security-features}} are enabled:
+The following [cluster privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster) control access to the {{slm-init}} actions when {{es}} {{security-features}} are enabled:
 
 `manage_slm`
 :   Allows a user to perform all {{slm-init}} actions, including creating and updating policies and starting and stopping {{slm-init}}.
@@ -194,9 +194,9 @@
 For example, you can change the schedule, or snapshot retention-related configurations.


 ![change schedule](/manage-data/images/elasticsearch-reference-change-slm-schedule.png)

 ![change snapshot retention](/manage-data/images/elasticsearch-reference-change-slm-snapshot-retention.png)


 You can also update an {{slm-init}} policy using the [{{slm-init}} APIs](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-slm), as described in [Create an {{slm-init}} policy](#create-slm-policy).
@@ -258,7 +258,7 @@

 To delete a snapshot in {{kib}}, go to the **Snapshots** page and click the trash icon under the **Actions** column. To delete multiple snapshots at once, select the snapshots from the list and then click **Delete snaphshots**. 

 ![delete snapshot](/manage-data/images/elasticsearch-reference-delete-snapshots.png)

 You can also use the [delete snapshot API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-snapshot-delete).


@@ -28,8 +28,8 @@ This guide also provides tips for [restoring to another cluster](#restore-differ
 
 ## Prerequisites
 - To use Kibana’s Snapshot and Restore feature, you must have the following permissions:
-  - [Cluster privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster): `monitor`, `manage_slm`, `cluster:admin/snapshot`, and `cluster:admin/repository`
-  - [Index privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices): `all` on the monitor index
+  - [Cluster privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster): `monitor`, `manage_slm`, `cluster:admin/snapshot`, and `cluster:admin/repository`
+  - [Index privilege](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices): `all` on the monitor index
 - You can only restore a snapshot to a running cluster with an elected [master node](/deploy-manage/distributed-architecture/clusters-nodes-shards/node-roles.md#master-node-role). The snapshot’s repository must be registered and available to the cluster.
 - The snapshot and cluster versions must be compatible. See [Snapshot compatibility](/deploy-manage/tools/snapshot-and-restore.md#snapshot-compatibility).
 - To restore a snapshot, the cluster’s global metadata must be writable. Ensure there aren’t any cluster blocks that prevent writes. The restore operation ignores index blocks.

@@ -23,8 +23,8 @@ In this guide, you’ll learn how to:
 
 * To use {{kib}}'s **Snapshot and Restore** feature, you must have the following permissions:
 
-    * [Cluster privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster): `monitor`, `manage_slm`, `cluster:admin/snapshot`, and `cluster:admin/repository`
-    * [Index privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices): `all` on the `monitor` index
+    * [Cluster privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster): `monitor`, `manage_slm`, `cluster:admin/snapshot`, and `cluster:admin/repository`
+    * [Index privilege](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices): `all` on the `monitor` index
 
 * To register a snapshot repository, the cluster’s global metadata must be writeable. Ensure there aren’t any [cluster blocks](elasticsearch://reference/elasticsearch/configuration-reference/miscellaneous-cluster-settings.md#cluster-read-only) that prevent write access.
 

@@ -18,7 +18,7 @@ products:
 
 ## Data stream privileges [data-stream-privileges]
 
-Use [index privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices) to control access to a data stream. Granting privileges on a data stream grants the same privileges on its backing indices.
+Use [index privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) to control access to a data stream. Granting privileges on a data stream grants the same privileges on its backing indices.
 
 For example, `my-data-stream` consists of two backing indices: `.ds-my-data-stream-2099.03.07-000001` and `.ds-my-data-stream-2099.03.08-000002`.
 
@@ -46,7 +46,7 @@ GET .ds-my-data-stream-2099.03.09-000003/_doc/2
 
 ## Alias privileges [index-alias-privileges]
 
-Use [index privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices) to control access to an [alias](../../../manage-data/data-store/aliases.md). Privileges on an index or data stream do not grant privileges on its aliases. For information about managing aliases, see [*Aliases*](../../../manage-data/data-store/aliases.md).
+Use [index privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) to control access to an [alias](../../../manage-data/data-store/aliases.md). Privileges on an index or data stream do not grant privileges on its aliases. For information about managing aliases, see [*Aliases*](../../../manage-data/data-store/aliases.md).
 
 ::::{important}
 Don’t use [filtered aliases](../../../manage-data/data-store/aliases.md#filter-alias) in place of [document level security](controlling-access-at-document-field-level.md). {{es}} doesn’t always apply alias filters.

@@ -20,19 +20,19 @@ To create a role, open the menu, then click **Stack Management > Roles** and cli
 
 ## Required permissions [_required_permissions_7]
 
-The `manage_security` [cluster privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster) is required to access role management.
+The `manage_security` [cluster privilege](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster) is required to access role management.
 
 ## Cluster privileges [adding_cluster_privileges]
 
 Cluster privileges grant access to monitoring and management features in {{es}}. They also enable [Stack Management](/deploy-manage/index.md) capabilities in {{kib}}.
 
-Refer to [cluster privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster) for a complete description of available options.
+Refer to [cluster privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster) for a complete description of available options.
 
 ## Index privileges [adding_index_privileges]
 
 Each role can grant access to multiple data indices, and each index can have a different set of privileges. We recommend granting the `read` and `view_index_metadata` privileges to each index that you expect your users to work with in {{kib}}.
 
-Refer to [index privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices) for a complete description of available options.
+Refer to [index privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) for a complete description of available options.
 
 Document-level and field-level security affords you even more granularity when it comes to granting access to your data. With document-level security (DLS), you can write an {{es}} query to describe which documents this role grants access to. With field-level security (FLS), you can instruct {{es}} to grant or deny access to specific fields within each document.
 

@@ -187,7 +187,7 @@ The following describes the structure of a remote cluster permissions entry:
 ```
 
 1. A list of remote cluster aliases. It supports literal strings as well as [wildcards](elasticsearch://reference/elasticsearch/rest-apis/api-conventions.md#api-multi-index) and [regular expressions](elasticsearch://reference/query-languages/query-dsl/regexp-syntax.md). This field is required.
-2. The cluster level privileges for the remote cluster. The allowed values here are a subset of the [cluster privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster). The [builtin privileges API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-get-builtin-privileges) can be used to determine which privileges are allowed here. This field is required.
+2. The cluster level privileges for the remote cluster. The allowed values here are a subset of the [cluster privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster). The [builtin privileges API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-get-builtin-privileges) can be used to determine which privileges are allowed here. This field is required.
 
 
 ## Example [_example_9]
@@ -221,5 +221,5 @@ Based on the above definition, users owning the `clicks_admin` role can:
 * Within these document, only read the `category`, `@timestamp` and `message` fields.
 
 ::::{tip}
-View a complete list of available [cluster and indices privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md).
+View a complete list of available [cluster and indices privileges](elasticsearch://reference/elasticsearch/security-privileges.md).
 ::::
@@ -77,7 +77,7 @@ Consider an admin role and an analyst role. The admin role has higher privileges
 
 This example uses the role management API, but a similar configuration can be set up using the [Create users](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) and [Users](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md#managing-native-users) pages in {{kib}}. 
 
-1.  Create an admin role named `my_admin_role`. This role has `manage` [privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md) on the entire cluster, and on a subset of indices. This role also contains the `run_as` privilege, which enables any user with this role to submit requests on behalf of the specified `analyst_user`.
+1.  Create an admin role named `my_admin_role`. This role has `manage` [privileges](elasticsearch://reference/elasticsearch/security-privileges.md) on the entire cluster, and on a subset of indices. This role also contains the `run_as` privilege, which enables any user with this role to submit requests on behalf of the specified `analyst_user`.
 
     You can set up a similar role using the [role management UI](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) in {{kib}} by selecting an `analyst_user` from the **Run As privileges** dropdown menu in the **Elasticsearch** section.
 

@@ -39,7 +39,7 @@ The authorization process revolves around the following constructs:
 :   A resource to which access is restricted. Indices, aliases, documents, fields, users, and the {{es}} cluster itself are all examples of secured objects.
 
 *Privilege*
-:   A named group of one or more actions that a user may execute against a secured resource. Each secured resource has its own sets of available privileges. For example, `read` is an index privilege that represents all actions that enable reading the indexed/stored data. For a complete list of available privileges, see [{{es}} privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md).
+:   A named group of one or more actions that a user may execute against a secured resource. Each secured resource has its own sets of available privileges. For example, `read` is an index privilege that represents all actions that enable reading the indexed/stored data. For a complete list of available privileges, see [{{es}} privileges](elasticsearch://reference/elasticsearch/security-privileges.md).
 
 *Permissions*
 :   A set of one or more privileges against a secured resource. Permissions can easily be described in words, here are few examples:
@@ -68,7 +68,7 @@ Review these topics to learn how to configure RBAC in your cluster or deployment
 
 * Learn about [built-in roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md)
 * [Define your own roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md)
-* Learn about the [Elasticsearch](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md) and [Kibana](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) privileges you can assign to roles
+* Learn about the [Elasticsearch](elasticsearch://reference/elasticsearch/security-privileges.md) and [Kibana](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) privileges you can assign to roles
 * Learn how to [control access at the document and field level](/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level.md)
 
 ### Assign roles to users

@@ -20,7 +20,7 @@ Roles are a collection of privileges that enable users to access project feature
 On this page, you'll learn about how to [manage custom roles in your project](#manage-custom-roles), the types of privileges you can assign, and how to [assign the roles](#assign-custom-roles) that you create.
 
 ::::{note}
-You cannot assign [run as privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#_run_as_privilege) in {{serverless-full}} custom roles.
+You cannot assign [run as privileges](elasticsearch://reference/elasticsearch/security-privileges.md#_run_as_privilege) in {{serverless-full}} custom roles.
 ::::
 
 :::{{admonition}} Custom roles in {{stack}}
@@ -42,7 +42,7 @@ Cluster privileges grant access to monitoring and management features in {{es}}.
 :screenshot:
 :::
 
-Refer to [cluster privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-cluster) for a complete description of available options.
+Refer to [cluster privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-cluster) for a complete description of available options.
 
 
 ## {{es}} index privileges [custom-roles-es-index-privileges]

@@ -225,7 +225,7 @@ POST _ml/datafeeds/feed1/_stop
 ```
 
 ::::{note}
-You must have `manage_ml`, or `manage` cluster privileges to stop {{dfeeds}}. For more information, see [Security privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md).
+You must have `manage_ml`, or `manage` cluster privileges to stop {{dfeeds}}. For more information, see [Security privileges](elasticsearch://reference/elasticsearch/security-privileges.md).
 ::::
 
 A {{dfeed}} can be started and stopped multiple times throughout its lifecycle.
@@ -247,7 +247,7 @@ POST _ml/anomaly_detectors/job1/_close
 ```
 
 ::::{note}
-You must have `manage_ml`, or `manage` cluster privileges to stop {{anomaly-jobs}}. For more information, see [Security privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md).
+You must have `manage_ml`, or `manage` cluster privileges to stop {{anomaly-jobs}}. For more information, see [Security privileges](elasticsearch://reference/elasticsearch/security-privileges.md).
 ::::
 
 If you submit a request to close an {{anomaly-job}} and its {{dfeed}} is running, the request first tries to stop the {{dfeed}}. This behavior is equivalent to calling the [stop {{dfeeds}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ml-stop-datafeed) with the same `timeout` and `force` parameters as the close job request.

@@ -64,7 +64,7 @@ This feature is intended to make it easier to use your ML trained models. First,
 Trained models must be available in the current [Kibana Space](../../../deploy-manage/manage-spaces.md) and running in order to use them. By default, models should be available in all Kibana Spaces that have the **Analytics** > **Machine Learning** feature enabled. To manage your trained models, use the Kibana UI and navigate to **Stack Management → Machine Learning → Trained Models**. Spaces can be controlled in the **spaces** column. To stop or start a model, go to the **Machine Learning** tab in the **Analytics** menu of Kibana and click **Trained Models** in the **Model Management** section.
 
 ::::{note}
-The `monitor_ml` [Elasticsearch cluster privilege](../../../deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md) is required to manage ML models and ML {{infer}} pipelines which use those models.
+The `monitor_ml` [Elasticsearch cluster privilege](elasticsearch://reference/elasticsearch/security-privileges.md) is required to manage ML models and ML {{infer}} pipelines which use those models.
 
 ::::
 

@@ -120,4 +120,4 @@ Within a {{kib}} space, to upload and import files in the **{{data-viz}}**, you
 * `ingest_admin` built-in role, or `manage_ingest_pipelines` cluster privilege
 * `create`, `create_index`, `manage` and `read` index privileges for destination indices
 
-For more information, see [Security privileges](../../deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md) and [{{kib}} privileges](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
+For more information, see [Security privileges](elasticsearch://reference/elasticsearch/security-privileges.md) and [{{kib}} privileges](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     ```
-    For the `role_descriptors` object schema, check out the [`/_security/api_key` endpoint](https://www.elastic.co/docs/api/doc/elasticsearch-serverless/operation/operation-security-create-api-key) docs. For supported privileges, check [Security privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices).
+    For the `role_descriptors` object schema, check out the [`/_security/api_key` endpoint](https://www.elastic.co/docs/api/doc/elasticsearch-serverless/operation/operation-security-create-api-key) docs. For supported privileges, check [Security privileges](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices).
     ## Update an API key [api-keys-update-an-api-key]
@@ Expand Down @@