From 06efb11c3a04de59b81865efeda1db04335b05ce Mon Sep 17 00:00:00 2001
From: Orestis Floros <orestis.floros@elastic.co>
Date: Mon, 16 Dec 2024 11:51:41 +0100
Subject: [PATCH] allowRestrictedIndices

---
 .../xpack/security/authc/service/ServiceAccountIT.java          | 2 +-
 .../xpack/security/authc/service/ElasticServiceAccounts.java    | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java b/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java
index 44cb0277719af..1118f67e861b2 100644
--- a/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java
+++ b/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java
@@ -330,7 +330,7 @@ public class ServiceAccountIT extends ESRestTestCase {
                     "maintenance",
                     "view_index_metadata"
                   ],
-                  "allow_restricted_indices": false
+                  "allow_restricted_indices": true
                 }
               ],
               "applications": [        {
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java
index 50074b01bd93c..5fccf2a66eac5 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java
@@ -171,6 +171,7 @@ final class ElasticServiceAccounts {
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices(".agentless-*")
                     .privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance", "view_index_metadata")
+                    .allowRestrictedIndices(true)
                     .build(), },
             new RoleDescriptor.ApplicationResourcePrivileges[] {
                 RoleDescriptor.ApplicationResourcePrivileges.builder()