Skip to content

Commit 9d01017

Browse files
legregolegrego
authored
Grants kibana_system the ability to forcemerge certain indices.
1 parent c58a727 commit 9d01017

File tree

2 files changed

+6
-1
lines changed

2 files changed

+6
-1
lines changed

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -334,7 +334,8 @@ static RoleDescriptor kibanaSystem(String name) {
334334
TransportUpdateSettingsAction.TYPE.name(),
335335
TransportPutMappingAction.TYPE.name(),
336336
RolloverAction.NAME,
337-
"indices:admin/data_stream/lifecycle/put"
337+
"indices:admin/data_stream/lifecycle/put",
338+
"indices:admin/forcemerge"
338339
)
339340
.build(),
340341
// Endpoint specific action responses. Kibana reads and writes (for third party

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1385,6 +1385,10 @@ public void testKibanaSystemRole() {
13851385
kibanaRole.indices().allowedIndicesMatcher("indices:admin/data_stream/lifecycle/put").test(indexAbstraction),
13861386
is(true)
13871387
);
1388+
assertThat(
1389+
kibanaRole.indices().allowedIndicesMatcher("indices:admin/forcemerge").test(indexAbstraction),
1390+
is(true)
1391+
);
13881392

13891393
// Implied by the overall view_index_metadata and monitor privilege
13901394
assertViewIndexMetadata(kibanaRole, indexName);

0 commit comments

Comments
 (0)