After securing Auditbeat, make sure your users have the roles (or associated privileges) required to use these Auditbeat features. Note that some of the roles shown here are built-in, and some are user-defined.
Send data to a secured cluster
Load index templates
Load Auditbeat dashboards into Kibana
Load machine learning jobs
Read indices created by Auditbeat
View Auditbeat dashboards in Kibana
Load index lifecycle policies and use index lifecycle management
[a] These roles are user-defined.
To create the user-defined roles shown here, see Configure authentication credentials and Grant users access to Auditbeat indices. You may want to define additional roles to provide more restrictive access.