---
_meta:
  type: "roles"
  config_version: 2


indexes_full_access:
  reserved: false
  index_permissions:
    - index_patterns:
        - "*"
      allowed_actions:
        - "*"
  tenant_permissions:
  - tenant_patterns:
    - "*"
    allowed_actions:
    - "kibana_all_write"
# ----------------------------------------------------
indexes_security_search_full_access:
  reserved: true
  index_permissions:
    - index_patterns:
        - "kube-apiserver-audit-*"
        - "syslog-*"
      allowed_actions:
        - "indices:data/read/search*"
        - "read"
        - "view_index_metadata"
  tenant_permissions:
  - tenant_patterns:
    - "SECURITY"
    allowed_actions:
    - "kibana_all_write"
# ----------------------------------------------------
indexes_web_search_full_access:
  reserved: true
  index_permissions:
    - index_patterns:
        - "ingress-nginx-*"
        - "mywebapp-*"
      allowed_actions:
        - "indices:data/read/search*"
        - "read"
        - "view_index_metadata"
  tenant_permissions:
  - tenant_patterns:
    - "WEB"
    allowed_actions:
    - "kibana_all_write"
# ----------------------------------------------------
# Restrict users so they can only view visualization and dashboard on OpenSearchDashboards
kibana_read_only:
  reserved: true