The description for the kibana_system role has fallen out of date with its current permission set, and should be updated to better reflect reality.
|
"Grants access necessary for the Kibana system user to read from and write to the Kibana indices, " |
|
+ "manage index templates and tokens, and check the availability of the Elasticsearch cluster. " |
|
+ "It also permits activating, searching, and retrieving user profiles, " |
|
+ "as well as updating user profile data for the kibana-* namespace. " |
|
+ "Additionally, this role grants read access to the .monitoring-* indices " |
|
+ "and read and write access to the .reporting-* indices. " |
|
+ "Note: This role should not be assigned to users as the granted permissions may change between releases." |
Adding Team:Security label, but I expect @elastic/kibana-security to own this. We do not have our own team label in this repo.
