You can restore snapshots to a running cluster, which includes all data streams and indices in the snapshot by default. However, you can choose to restore only the cluster state or specific data streams or indices from a snapshot.
If your cluster has Elasticsearch security features enabled, the restore API requires the
manage cluster privilege. There is no bespoke role for the restore process. This privilege is very permissive and should only
be granted to users in the "administrator" category. Specifically, it allows
malicious users to exfiltrate data to a location of their choosing. Automated
tools should not run as users with this privilege.