diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java index 2573ac91d53c7..4dae8e84e6513 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java @@ -334,7 +334,8 @@ static RoleDescriptor kibanaSystem(String name) { TransportUpdateSettingsAction.TYPE.name(), TransportPutMappingAction.TYPE.name(), RolloverAction.NAME, - "indices:admin/data_stream/lifecycle/put" + "indices:admin/data_stream/lifecycle/put", + "indices:admin/forcemerge" ) .build(), // Endpoint specific action responses. Kibana reads and writes (for third party diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java index 638c4df46dc8d..5449bdc897dd3 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java @@ -1385,6 +1385,10 @@ public void testKibanaSystemRole() { kibanaRole.indices().allowedIndicesMatcher("indices:admin/data_stream/lifecycle/put").test(indexAbstraction), is(true) ); + assertThat( + kibanaRole.indices().allowedIndicesMatcher("indices:admin/forcemerge").test(indexAbstraction), + is(true) + ); // Implied by the overall view_index_metadata and monitor privilege assertViewIndexMetadata(kibanaRole, indexName);