diff --git a/config/roles.yml b/config/roles.yml
index 77906290a0..e307ee7de3 100644
--- a/config/roles.yml
+++ b/config/roles.yml
@@ -373,3 +373,26 @@ security_analytics_ack_alerts:
 reserved: true
 cluster_permissions:
 - 'cluster:admin/opensearch/securityanalytics/alerts/*'
+
+# Allows users to use all Flow Framework functionality
+flow_framework_full_access:
+ reserved: true
+ cluster_permissions:
+ - 'cluster:admin/opensearch/flow_framework/*'
+ - 'cluster_monitor'
+ index_permissions:
+ - index_patterns:
+ - '*'
+ allowed_actions:
+ - 'indices:admin/aliases/get'
+ - 'indices:admin/mappings/get'
+ - 'indices_monitor'
+
+# Allow users to read flow framework's workflows and their state
+flow_framework_read_access:
+ reserved: true
+ cluster_permissions:
+ - 'cluster:admin/opensearch/flow_framework/workflow/get'
+ - 'cluster:admin/opensearch/flow_framework/workflow/search'
+ - 'cluster:admin/opensearch/flow_framework/workflow_state/get'
+ - 'cluster:admin/opensearch/flow_framework/workflow_state/search'
diff --git a/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java b/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java
index b3644e6c4d..116373a38f 100644
--- a/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java
+++ b/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java
@@ -69,7 +69,10 @@ public class SecuritySettingsConfigurer {
 ".opendistro-asynchronous-search-response*",
 ".replication-metadata-store",
 ".opensearch-knn-models",
- ".geospatial-ip2geo-data*"
+ ".geospatial-ip2geo-data*",
+ ".plugins-flow-framework-config",
+ ".plugins-flow-framework-templates",
+ ".plugins-flow-framework-state"
 );
 static String ADMIN_PASSWORD = "";
 static String ADMIN_USERNAME = "admin";
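Review bot: In `flow_framework_full_access` the `index_permissions` entry pairs `index_patterns: '*'` with `indices:admin/aliases/get`, `indices:admin/mappings/get` and `indices_monitor`, so anyone mapped to this role can read alias, mapping and monitoring metadata for every index in the cluster, including indices they hold no read permission on. Field names and index names can themselves be sensitive, and the role comment gives no hint that the grant reaches beyond the plugin's own actions. If the plugin really needs cluster-wide metadata, say so in the comment, e.g. `# Also grants cluster_monitor and read-only metadata (aliases, mappings, monitor) on all indices`; if it only needs a known set of indices, narrow the pattern instead. `flow_framework_read_access` lists its four actions explicitly and carries no index permissions, which is the easier shape to audit.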
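Review bot: The three added entries are exact index names, while several neighbours in the same list end in `*`, so any suffixed or re-created variant of the Flow Framework indices would fall outside the protected set. It is worth confirming with the plugin that these names are fixed and recording that next to them, e.g. `// Flow Framework: config, templates and workflow state (exact names)`. The file sits under `tools/democonfig`, so this list presumably only reaches clusters set up through the demo configurer; deployments that maintain their own system-index list would need the same three names added, which the change description could mention. The list's declaration begins outside the hunk, so its name and how it is consumed are not visible here.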