Skip to main content
Version: 1.3.x

Elasticsearch privileges

If your Elasticsearch access is restricted by roles, you will need to make sure the right roles exist for TSB components.

OAP

For OAP, the necessary role permissions are described in the JSON below.

{
"cluster": ["manage_index_templates", "monitor"],
"indices": [
{
"names": ["skywalking_*"],
"privileges": ["manage", "read", "write"],
"allow_restricted_indices": false
}
],
"applications": [],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}

You can use cURL, Kibana console or any other tool to post this to the Elasticsearch server to create the role, then you can assign the role to the user OAP will be using.

Zipkin

For Zipkin, the necessary role permissions are described in the JSON below.

{
"cluster": ["manage_index_templates", "monitor"],
"indices": [
{
"names": ["zipkin_*"],
"privileges": ["manage", "read", "write"],
"allow_restricted_indices": false
}
],
"applications": [],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}