|
|
@@ -5,39 +5,97 @@
|
|
|
<titleabbrev>Setup</titleabbrev>
|
|
|
++++
|
|
|
|
|
|
-To use the {transforms}, you must have the
|
|
|
-{subscriptions}[appropriate license] and at least one
|
|
|
-<<transform-setup-nodes,{transform} node>> in your {es} cluster. If {stack}
|
|
|
-{security-features} are enabled, you must also ensure your users have the
|
|
|
-<<transform-privileges,necessary privileges>>.
|
|
|
-
|
|
|
[discrete]
|
|
|
-[[transform-setup-nodes]]
|
|
|
-== {transform-cap} nodes
|
|
|
+[[requirements-overview]]
|
|
|
+== Requirements overview
|
|
|
+
|
|
|
+To use {transforms}, you must have:
|
|
|
|
|
|
-To use {transforms}, there must be at least one {transform} node in your cluster.
|
|
|
-If you want to control which nodes run {transforms}, add or remove `transform`
|
|
|
-from the `node.roles` setting on some nodes. For more information, see
|
|
|
-<<modules-node>> and <<transform-settings>>.
|
|
|
+* at least one <<transform-node,{transform} node>>,
|
|
|
+* management features visible in the {kib} space, and
|
|
|
+* security privileges that:
|
|
|
++
|
|
|
+--
|
|
|
+* grant use of {transforms}, and
|
|
|
+* grant access to source and destination indices
|
|
|
+--
|
|
|
|
|
|
[discrete]
|
|
|
[[transform-privileges]]
|
|
|
== Security privileges
|
|
|
|
|
|
-The {es} {security-features} provide <<built-in-roles,built-in roles>>
|
|
|
-and <<security-privileges,privileges>> that make it easier to control
|
|
|
-which users can manage or view {transforms}.
|
|
|
+Assigning security privileges affects how users access {transforms}. Consider
|
|
|
+the two main categories:
|
|
|
+
|
|
|
+* *<<transform-es-security-privileges>>*: uses an {es} client, cURL, or {kib}
|
|
|
+**{dev-tools-app}** to access {transforms} via {es} APIs. This scenario requires
|
|
|
+{es} security privileges.
|
|
|
+* *<<transform-kib-security-privileges>>*: uses {transforms} in {kib}. This
|
|
|
+scenario requires {kib} feature privileges _and_ {es} security privileges.
|
|
|
+
|
|
|
+[discrete]
|
|
|
+[[transform-es-security-privileges]]
|
|
|
+=== {es} API user
|
|
|
|
|
|
-To _view_ the configuration and status of {transforms}, you must have:
|
|
|
+To _manage_ {transforms}, you must meet all of the following requirements:
|
|
|
|
|
|
-* `transform_user` built-in role or `monitor_transform`
|
|
|
-cluster privileges
|
|
|
+* `transform_admin` built-in role or `manage_transform` cluster privileges,
|
|
|
+* `read` and `view_index_metadata` index privileges on source indices, and
|
|
|
+* `create_index`, `index`, `manage`, and `read` index privileges on destination
|
|
|
+indices
|
|
|
|
|
|
-To _manage_ {transforms}, you must have:
|
|
|
+To view only the configuration and status of {transforms}, you must have:
|
|
|
+
|
|
|
+* `transform_user` built-in role or `monitor_transform` cluster privileges
|
|
|
+
|
|
|
+For more information about {es} roles and privileges, refer to
|
|
|
+<<built-in-roles>> and <<security-privileges>>.
|
|
|
+
|
|
|
+[discrete]
|
|
|
+[[transform-kib-security-privileges]]
|
|
|
+=== {kib} user
|
|
|
+
|
|
|
+Within a {kib} space, for full access to {transforms}, you must meet all of the
|
|
|
+following requirements:
|
|
|
+
|
|
|
+* Management features visible in the {kib} space, including
|
|
|
+`Data View Management` and `Stack Monitoring`,
|
|
|
+* `monitoring_user` built-in role,
|
|
|
+* `transform_admin` built-in role or `manage_transform` cluster privileges,
|
|
|
+* `kibana_admin` built-in role or a custom role with `read` or `all` {kib}
|
|
|
+privileges for the `Data View Management` feature (dependent on whether data
|
|
|
+views already exist for your destination indices),
|
|
|
+* data views for your source indices,
|
|
|
+* `read` and `view_index_metadata` index privileges on source indices, and
|
|
|
+* `create_index`, `index`, `manage`, and `read` index privileges on destination
|
|
|
+indices
|
|
|
+
|
|
|
+Within a {kib} space, for read-only access to {transforms}, you must meet all of
|
|
|
+the following requirements:
|
|
|
+
|
|
|
+* Management features visible in the {kib} space, including `Stack Monitoring`,
|
|
|
+* `monitoring_user` built-in role,
|
|
|
+* `transform_user` built-in role or `monitor_transform` cluster privileges,
|
|
|
+* `kibana_admin` built-in role or a custom role with `read` {kib} privileges
|
|
|
+for at least one feature in the space,
|
|
|
+* data views for your source and destination indices, and
|
|
|
+* `read`, and `view_index_metadata` index privileges on source indices and
|
|
|
+destination indices
|
|
|
+
|
|
|
+For more information and {kib} security features, see
|
|
|
+{kibana-ref}/kibana-role-management.html[{kib} role management] and
|
|
|
+{kibana-ref}/kibana-privileges.html[{kib} privileges].
|
|
|
+
|
|
|
+
|
|
|
+[discrete]
|
|
|
+[[transform-kib-spaces]]
|
|
|
+== {kib} spaces
|
|
|
|
|
|
-* `transform_admin` built-in role or `manage_transform`
|
|
|
-cluster privileges
|
|
|
-* `read` and `view_index_metadata` index privileges on source indices
|
|
|
-* `read`, `create_index`, and `index` index privileges on destination indices
|
|
|
+{kibana-ref}/xpack-spaces.html[Spaces] enable you to organize your source and
|
|
|
+destination indices and other saved objects in {kib} and to see only the objects
|
|
|
+that belong to your space. However, this limited scope does not apply to
|
|
|
+{transforms}; they are visible in all spaces.
|
|
|
|
|
|
-For more information, see <<security-privileges>> and <<built-in-roles>>.
|
|
|
+To successfully create {transforms} in {kib}, you must be logged into a space
|
|
|
+where the source indices are visible and the `Data View Management` and
|
|
|
+`Stack Monitoring` features are visible.
|
Lisa Cawley