After securing Winlogbeat, make sure your users have the roles (or associated privileges) required to use these Winlogbeat features. Note that some of the roles shown here are built-in, and some are user-defined.
Send data to a secured cluster
Load index templates
Load Winlogbeat dashboards into Kibana
Load machine learning jobs
Read indices created by Winlogbeat
View Winlogbeat dashboards in Kibana
Load index lifecycle policies and use index lifecycle management
[a] These roles are user-defined.
To create the user-defined roles shown here, see Configure authentication credentials and Grant users access to Winlogbeat indices. You may want to define additional roles to provide more restrictive access.