Security and SLM

Two built-in cluster privileges control access to the SLM actions when Elasticsearch security features are enabled:

manage_slm
Allows a user to perform all SLM actions, including creating and updating policies and starting and stopping SLM.
read_slm
Allows a user to perform all read-only SLM actions, such as getting policies and checking the SLM status.
cluster:admin/snapshot/*
Allows a user to take and delete snapshots of any index, whether or not they have access to that index.

You can create and manage roles to assign these privileges through Kibana Management.

To grant the privileges necessary to create and manage SLM policies and snapshots, you can set up a role with the manage_slm and cluster:admin/snapshot/* cluster privileges and full access to the SLM history indices.

For example, the following request creates an slm-admin role:

POST /_security/role/slm-admin
{
  "cluster": ["manage_slm", "cluster:admin/snapshot/*"],
  "indices": [
    {
      "names": [".slm-history-*"],
      "privileges": ["all"]
    }
  ]
}

To grant read-only access to SLM policies and the snapshot history, you can set up a role with the read_slm cluster privilege and read access to the snapshot lifecycle management history indices.

For example, the following request creates an slm-read-only role:

POST /_security/role/slm-read-only
{
  "cluster": ["read_slm"],
  "indices": [
    {
      "names": [".slm-history-*"],
      "privileges": ["read"]
    }
  ]
}
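
To review which existing roles carry these privileges, the role definitions can be checked offline. The script below is an added example, not part of the Elasticsearch documentation. It assumes input shaped like the response of `GET /_security/role`, the role name `slm-viewer-drift` is a constructed misconfiguration, and it matches only action patterns with simple `*` wildcards. Named privileges other than `manage_slm` and `read_slm` are not expanded.

```python
"""Audit role definitions for the SLM and snapshot privileges described above."""
from fnmatch import fnmatchcase

# Snapshot actions covered by the cluster:admin/snapshot/* pattern.
SNAPSHOT_ACTIONS = ("cluster:admin/snapshot/create", "cluster:admin/snapshot/delete")
HISTORY_PATTERN = ".slm-history-*"


def grants_snapshot_actions(cluster_privs):
    """True if any action-pattern entry covers snapshot create or delete."""
    patterns = [p for p in cluster_privs if ":" in p]  # skip named privileges
    return any(fnmatchcase(a, p) for a in SNAPSHOT_ACTIONS for p in patterns)


def history_privileges(indices):
    """Collect the privileges granted on the SLM history indices."""
    privs = set()
    for entry in indices:
        if HISTORY_PATTERN in entry.get("names", []):
            privs.update(entry.get("privileges", []))
    return privs


def audit_roles(roles):
    """Return {role_name: [findings]} for roles that need review."""
    report = {}
    for name, body in roles.items():
        cluster = body.get("cluster", [])
        findings = []
        if grants_snapshot_actions(cluster):
            findings.append("can take and delete snapshots of any index")
        if "manage_slm" in cluster:
            findings.append("can change SLM policies")
        hist = history_privileges(body.get("indices", []))
        if "read_slm" in cluster and "manage_slm" not in cluster and hist - {"read"}:
            findings.append("read-only role has non-read history access")
        if findings:
            report[name] = findings
    return report


# Constructed sample: the two roles from this page plus a hypothetical drifted one.
SAMPLE_ROLES = {
    "slm-admin": {"cluster": ["manage_slm", "cluster:admin/snapshot/*"],
                  "indices": [{"names": [".slm-history-*"], "privileges": ["all"]}]},
    "slm-read-only": {"cluster": ["read_slm"],
                      "indices": [{"names": [".slm-history-*"], "privileges": ["read"]}]},
    "slm-viewer-drift": {"cluster": ["read_slm", "cluster:admin/*"],
                         "indices": [{"names": [".slm-history-*"], "privileges": ["all"]}]},
}
```

Calling `audit_roles(SAMPLE_ROLES)` reports `slm-admin` and `slm-viewer-drift` and omits `slm-read-only`, which grants nothing beyond read access.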