Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: d48e1a2488
Branches Tags
elasticsearch
/
docs
/
reference
/
transform
/
setup.asciidoc

setup.asciidoc 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 
  1. [role="xpack"]
    2. 

  2. [[transform-setup]]
    3. 

  3. = Set up {transforms}
    4. 

  4. ++++
    5. 

  5. <titleabbrev>Setup</titleabbrev>
    6. 

  6. ++++
    7. 

  7. 

  8. [discrete]
    9. 

  9. [[requirements-overview]]
    10. 

  10. == Requirements overview
    11. 

  11. 

  12. To use {transforms}, you must have:
    13. 

  13. 

  14. * at least one <<transform-node,{transform} node>>,
    15. 

  15. * management features visible in the {kib} space, and
    16. 

  16. * security privileges that:
    17. 

  17. +
    18. 

  18. --
    19. 

  19. * grant use of {transforms}, and
    20. 

  20. * grant access to source and destination indices
    21. 

  21. --
    22. 

  22. 

  23. [discrete]
    24. 

  24. [[transform-privileges]]
    25. 

  25. == Security privileges
    26. 

  26. 

  27. Assigning security privileges affects how users access {transforms}. Consider
    28. 

  28. the two main categories:
    29. 

  29. 

  30. * *<<transform-es-security-privileges>>*: uses an {es} client, cURL, or {kib}
    31. 

  31. **{dev-tools-app}** to access {transforms} via {es} APIs. This scenario requires
    32. 

  32. {es} security privileges.
    33. 

  33. * *<<transform-kib-security-privileges>>*: uses {transforms} in {kib}. This
    34. 

  34. scenario requires {kib} feature privileges _and_ {es} security privileges.
    35. 

  35. 

  36. [discrete]
    37. 

  37. [[transform-es-security-privileges]]
    38. 

  38. === {es} API user
    39. 

  39. 

  40. To _manage_ {transforms}, you must meet all of the following requirements:
    41. 

  41. 

  42. * `transform_admin` built-in role or `manage_transform` cluster privileges,
    43. 

  43. * `read` and `view_index_metadata` index privileges on source indices, and
    44. 

  44. * `create_index`, `index`, `manage`, and `read` index privileges on destination
    45. 

  45. indices. If a `retention_policy` is configured, `delete` index privilege is
    46. 

  46. also required on the destination index.
    47. 

  47. 

  48. To view only the configuration and status of {transforms}, you must have:
    49. 

  49. 

  50. * `transform_user` built-in role or `monitor_transform` cluster privileges
    51. 

  51. 

  52. For more information about {es} roles and privileges, refer to
    53. 

  53. <<built-in-roles>> and <<security-privileges>>.
    54. 

  54. 

  55. [discrete]
    56. 

  56. [[transform-kib-security-privileges]]
    57. 

  57. === {kib} user
    58. 

  58. 

  59. Within a {kib} space, for full access to {transforms}, you must meet all of the
    60. 

  60. following requirements:
    61. 

  61. 

  62. *  Management features visible in the {kib} space, including
    63. 

  63. `Data View Management` and `Stack Monitoring`,
    64. 

  64. * `monitoring_user` built-in role,
    65. 

  65. * `transform_admin` built-in role or `manage_transform` cluster privileges,
    66. 

  66. * `kibana_admin` built-in role or a custom role with `read` or `all` {kib}
    67. 

  67. privileges for the `Data View Management` feature (dependent on whether data
    68. 

  68. views already exist for your destination indices),
    69. 

  69. * data views for your source indices,
    70. 

  70. * `read` and `view_index_metadata` index privileges on source indices, and
    71. 

  71. * `create_index`, `index`, `manage`, and `read` index privileges on destination
    72. 

  72. indices. Additionally, when using a `retention_policy`, `delete` index privilege is required
    73. 

  73. on destination indices.
    74. 

  74. * `read_pipeline` cluster privileges, if the {transform} uses an ingest pipeline
    75. 

  75. 

  76. Within a {kib} space, for read-only access to {transforms}, you must meet all of
    77. 

  77. the following requirements:
    78. 

  78. 

  79. * Management features visible in the {kib} space, including `Stack Monitoring`,
    80. 

  80. * `monitoring_user` built-in role,
    81. 

  81. * `transform_user` built-in role or `monitor_transform` cluster privileges,
    82. 

  82. * `kibana_admin` built-in role or a custom role with `read` {kib} privileges
    83. 

  83. for at least one feature in the space,
    84. 

  84. * data views for your source and destination indices, and
    85. 

  85. * `read`, and `view_index_metadata` index privileges on source indices and
    86. 

  86. destination indices
    87. 

  87. 

  88. For more information and {kib} security features, see
    89. 

  89. {kibana-ref}/kibana-role-management.html[{kib} role management] and
    90. 

  90. {kibana-ref}/kibana-privileges.html[{kib} privileges].
    91. 

  91. 

  92. 

  93. [discrete]
    94. 

  94. [[transform-kib-spaces]]
    95. 

  95. == {kib} spaces
    96. 

  96. 

  97. {kibana-ref}/xpack-spaces.html[Spaces] enable you to organize your source and
    98. 

  98. destination indices and other saved objects in {kib} and to see only the objects
    99. 

  99. that belong to your space. However, a {transform} is a long running task which 
    100. 

  100. is managed on cluster level and therefore not limited in scope to certain 
    101. 

  101. spaces. Space awareness can be implemented for a {data-source} under 
    102. 

  102. **Stack Management > Kibana** which allows privileges to the {transform} 
    103. 

  103. destination index.
    104. 

  104. 

  105. To successfully create {transforms} in {kib}, you must be logged into a space
    106. 

  106. where the source indices are visible and the `Data View Management` and
    107. 

  107. `Stack Monitoring` features are visible.
    108.