Doc changes for stack management and grouped feature privileges (#80486)

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
elastic · Oct 27, 2020 · 8fa93bc · 8fa93bc
1 parent 313c026
commit 8fa93bc
Show file tree

Hide file tree

Showing 23 changed files with 63 additions and 2 deletions.
diff --git a/docs/management/advanced-options.asciidoc b/docs/management/advanced-options.asciidoc
@@ -11,6 +11,13 @@ values.
 . Enter a new value for the setting.
 . Click *Save changes*.
 
+[float]
+=== Required permissions
+
+The `Advanced Settings` {kib} privilege is required to access *Advanced Settings*.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 
 [float]
 [[settings-read-only-access]]

diff --git a/docs/management/alerting/alerts-and-actions-intro.asciidoc b/docs/management/alerting/alerts-and-actions-intro.asciidoc
@@ -24,3 +24,8 @@ The *Alerts and Actions* UI only shows alerts and connectors for the current spa
 can be managed through the <<watcher-ui, Watcher UI>>. See
 <<alerting-concepts-differences>> for more information.
 ============================================================================
+
+[float]
+=== Required permissions
+
+Access to alerts and actions is granted based on your privileges to alerting-enabled features. See <<alerting-security, Alerting Security>> for more information.
diff --git a/docs/management/managing-beats.asciidoc b/docs/management/managing-beats.asciidoc
@@ -29,6 +29,13 @@ more information, see https://www.elastic.co/subscriptions and
 enrollment and configuration process step by step the first time you use the
 Central Management UI.
 
+[float]
+=== Required permissions
+
+You must have the `beats_admin` role assigned to use **{beats} Central Management**
+
+To assign the role, open the menu, then click *Stack Management > Users*.
+
 
 [float]
 === Enroll {beats}

diff --git a/docs/management/managing-fields.asciidoc b/docs/management/managing-fields.asciidoc
@@ -7,6 +7,13 @@ the index patterns that retrieve your data from {es}.
 [role="screenshot"]
 image::images/management-index-patterns.png[]
 
+[float]
+=== Required permissions
+
+The `Index Pattern Management` {kib} privilege is required to access the *Index patterns* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 [float]
 === Create an index pattern
 

diff --git a/docs/management/managing-saved-objects.asciidoc b/docs/management/managing-saved-objects.asciidoc
@@ -10,6 +10,16 @@ To get started, open the main menu, then click *Stack Management > Saved Objects
 [role="screenshot"]
 image::images/management-saved-objects.png[Saved Objects]
 
+[float]
+=== Required permissions
+
+The `Saved Objects Management` {kib} privilege is required to access the *Saved Objects* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
+NOTE:
+Granting access to Saved Objects Management will authorize users to manage all saved objects in {kib}, including objects that are managed by applications they may not otherwise be authorized to access.
+
 
 [float]
 [[managing-saved-objects-view]]

diff --git a/docs/spaces/images/edit-space-feature-visibility.png b/docs/spaces/images/edit-space-feature-visibility.png
diff --git a/docs/spaces/images/edit-space.png b/docs/spaces/images/edit-space.png
diff --git a/docs/spaces/images/space-selector.png b/docs/spaces/images/space-selector.png
diff --git a/docs/spaces/images/spaces-roles.png b/docs/spaces/images/spaces-roles.png
diff --git a/docs/spaces/index.asciidoc b/docs/spaces/index.asciidoc
@@ -25,6 +25,11 @@ Kibana supports spaces in several ways.  You can:
 * <<spaces-default-route, Configure a Space-level landing page>>
 * <<spaces-delete-started, Disable the Spaces feature>>
 
+[float]
+==== Required permissions
+
+The `kibana_admin` role or equivilent is required to manage **Spaces**.
+
 [float]
 [[spaces-managing]]
 === View, create, and delete spaces

diff --git a/docs/user/introduction.asciidoc b/docs/user/introduction.asciidoc
@@ -112,7 +112,7 @@ You can even choose which features to enable within each space. Don’t need
 Machine learning in your “Executive” space? Simply turn it off.
 
 [role="screenshot"]
-image::images/intro-spaces.jpg[]
+image::images/intro-spaces.png[Space selector screen]
 
 You can take this all one step further with Kibana’s security features, and
 control which users have access to each space. {kib} allows for fine-grained

diff --git a/docs/user/introduction/images/intro-spaces.jpg b/docs/user/introduction/images/intro-spaces.jpg
diff --git a/docs/user/introduction/images/intro-spaces.png b/docs/user/introduction/images/intro-spaces.png
diff --git a/docs/user/management.asciidoc b/docs/user/management.asciidoc
@@ -6,6 +6,10 @@
 *Stack Management* is home to UIs for managing all things Elastic Stack&mdash;
 indices, clusters, licenses, UI settings, index patterns, spaces, and more.
 
+
+Access to individual features is governed by {es} and {kib} privileges.
+Consult your administrator if you do not have the appropriate access.
+
 [float]
 [[manage-ingest]]
 == Ingest

diff --git a/docs/user/security/authorization/index.asciidoc b/docs/user/security/authorization/index.asciidoc
@@ -12,7 +12,12 @@ NOTE: When running multiple tenants of {kib} by changing the `kibana.index` in y
 [[xpack-kibana-role-management]]
 === {kib} role management
 
-To create a role that grants {kib} privileges, open the main menu, click *Stack Management > Roles*, then click *Create role*. 
+To create a role that grants {kib} privileges, open the menu, then click *Stack Management > Roles* and click **Create role**.
+
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to access role management.
 
 [[adding_kibana_privileges]]
 ==== Adding {kib} privileges

diff --git a/docs/user/security/images/add-space-privileges.png b/docs/user/security/images/add-space-privileges.png
diff --git a/docs/user/security/images/assign_base_privilege.png b/docs/user/security/images/assign_base_privilege.png
diff --git a/docs/user/security/images/assign_feature_privilege.png b/docs/user/security/images/assign_feature_privilege.png
diff --git a/docs/user/security/images/privilege-example-1.png b/docs/user/security/images/privilege-example-1.png
diff --git a/docs/user/security/images/role-space-visualization.png b/docs/user/security/images/role-space-visualization.png
diff --git a/docs/user/security/images/view-privilege-summary.png b/docs/user/security/images/view-privilege-summary.png
diff --git a/docs/user/security/index.asciidoc b/docs/user/security/index.asciidoc
@@ -10,6 +10,12 @@ auditing. For more information, see
 {ref}/secure-cluster.html[Secure a cluster] and
 <<using-kibana-with-security,Configuring Security in {kib}>>.
 
+[float]
+=== Required permissions
+
+The `manage_security` cluster privilege is required to access all Security features.
+
+
 [float]
 === Users
 

diff --git a/docs/user/security/role-mappings/index.asciidoc b/docs/user/security/role-mappings/index.asciidoc
@@ -19,6 +19,11 @@ With *Role mappings*, you can:
 [role="screenshot"]
 image:user/security/role-mappings/images/role-mappings-grid.png["Role mappings"]
 
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to manage Role Mappings.
+
 
 [float]
 === Create a role mapping