From bde75d82bb42ee8be1cfaa1819f6e310a94845be Mon Sep 17 00:00:00 2001 From: RAJ CHAKRAVARTHI <49325334+raj-chak@users.noreply.github.com> Date: Wed, 2 Nov 2022 13:30:25 -0400 Subject: [PATCH] roles yml changes for security-analytics plugin (#2192) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi Signed-off-by: Raj Chakravarthi <49325334+raj-chak@users.noreply.github.com> (cherry picked from commit 89a11c5a165d9fc1a5412a3c2369d3b27869b305)
---
 config/roles.yml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
diff --git a/config/roles.yml b/config/roles.yml
index 721349c086..1d081a5fd0
--- a/config/roles.yml
+++ b/config/roles.yml
@@ -246,3 +246,47 @@ snapshot_management_read_access:
 - 'cluster:admin/opensearch/snapshot_management/policy/explain'
 - 'cluster:admin/repository/get'
 - 'cluster:admin/snapshot/get'
+
+# Allows user to use point in time functionality
+point_in_time_full_access:
+ reserved: true
+ index_permissions:
+ - index_patterns:
+ - '*'
+ allowed_actions:
+ - 'manage_point_in_time'
+
+# Allows users to see security analytics detectors and others
+security_analytics_read_access:
+ reserved: true
+ cluster_permissions:
+ - 'cluster:admin/opensearch/securityanalytics/alerts/get'
+ - 'cluster:admin/opensearch/securityanalytics/detector/get'
+ - 'cluster:admin/opensearch/securityanalytics/detector/search'
+ - 'cluster:admin/opensearch/securityanalytics/findings/get'
+ - 'cluster:admin/opensearch/securityanalytics/mapping/get'
+ - 'cluster:admin/opensearch/securityanalytics/mapping/view/get'
+ - 'cluster:admin/opensearch/securityanalytics/rule/get'
+ - 'cluster:admin/opensearch/securityanalytics/rule/search'
+
+# Allows users to use all security analytics functionality
+security_analytics_full_access:
+ reserved: true
+ cluster_permissions:
+ - 'cluster:admin/opensearch/securityanalytics/alerts/*'
+ - 'cluster:admin/opensearch/securityanalytics/detector/*'
+ - 'cluster:admin/opensearch/securityanalytics/findings/*'
+ - 'cluster:admin/opensearch/securityanalytics/mapping/*'
+ - 'cluster:admin/opensearch/securityanalytics/rule/*'
+ index_permissions:
+ - index_patterns:
+ - '*'
+ allowed_actions:
+ - 'indices:admin/mapping/put'
+ - 'indices:admin/mappings/get'
+
+# Allows users to view and acknowledge alerts
+security_analytics_ack_alerts:
+ reserved: true
+ cluster_permissions:
+ - 'cluster:admin/opensearch/securityanalytics/alerts/*'
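Review bot: `security_analytics_full_access` grants `indices:admin/mapping/put` on the `'*'` index pattern, so any holder of this role can change the mapping of every index in the cluster, not just the log-source indices a detector is configured against, and mapping changes cannot be reverted without a reindex, which makes this a cluster-wide near-admin capability hidden behind a plugin role. If the plugin cannot enumerate its log index patterns in a shipped default, the role's comment should at least warn operators, e.g. `# NOTE: index_permissions on '*' permit mapping updates on every index in the cluster; narrow index_patterns to log-source indices where possible`. Separately, `security_analytics_ack_alerts` is documented as view-and-acknowledge but is granted the `alerts/*` glob, so it will silently absorb any alert action the plugin adds later; listing the concrete actions, as `security_analytics_read_access` does with `alerts/get`, would keep the role as narrow as its comment claims. Whether the security plugin already exempts its own configuration index from `'*'` matches is not visible in this hunk and should be confirmed.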