Granting access to Stack Management features

You define roles and set user privileges at different levels to grant access to each of the Elastic Stack features.

Cross-cluster replication

The cross-cluster replication user requires different cluster and index privileges on the remote cluster and local cluster.

On the remote cluster that contains the leader index, the cross-cluster replication user requires read_ccr cluster privilege and monitor and read privileges on the leader index.

  1. ccr_user:
  2.   cluster:
  3.     - read_ccr
  4.   indices:
  5.     - names: [ 'leader-index' ]
  6.       privileges:
  7.         - monitor
  8.         - read

On the local cluster that contains the follower index, the cross-cluster replication user requires the manage_ccr cluster privilege and monitor, read, write and manage_follow_index privileges on the follower index.

  1. ccr_user:
  2.   cluster:
  3.     - manage_ccr
  4.   indices:
  5.     - names: [ 'follower-index' ]
  6.       privileges:
  7.         - monitor
  8.         - read
  9.         - write
  10.         - manage_follow_index

If you are managing connecting to the remote cluster using the cluster update settings API, you will also need a user with the all cluster privilege.