Supported RBAC Actions Reference
A reference list of the Actions for RBAC configuration
The following table lists and describes the set of available Actions values for the RBAC controls.
| Action | Definition |
|---|---|
| * | All actions |
| s3:* | Ability to access cloud object storage if granted permissions in the IAM Policy and API calls to the Chaos Index® |
| s3:aws:* | Ability to access cloud object storage if given permissions in the IAM Policy |
| s3:aws:CreateBucket | Ability to create a new S3 bucket |
| s3:aws:ListBuckets | Ability to list the S3 buckets |
| s3:aws:ListBucket | Ability to list contents of an S3 bucket |
| s3:aws:DeleteBucket | Ability to delete an S3 bucket |
| s3:aws:GetBucketPolicy | Ability to display the policy of a bucket |
| s3:aws:GetBucketLocation | Ability to display the region a bucket is in |
| s3:aws:GetBucketTagging | Ability to display the tag set associated with a bucket |
| s3:aws:CopyObject | Ability to copy an object already stored in S3 |
| s3:aws:PutObject | Ability to add an object to a bucket |
| s3:aws:PutObjectTagging | Ability to supply the tag set for an object in a bucket |
| s3:aws:GetObject | Ability to retrieve objects from S3 |
| s3:aws:GetObjectAcl | Ability to retrieve the ACL for an object in S3 |
| s3:aws:GetObjectTagging | Ability to return the tag set of an object |
| s3:aws:DeleteObject | Ability to remove an object from a bucket |
| s3:aws:RenameObject | Ability to rename an object in a bucket |
| s3:chaos:* | Ability to access the ChaosSearch Admin API |
| s3:chaos:cache:reset | |
| s3:chaos:bulk_metadata | |
| s3:chaos:discover | |
| s3:chaos:field_caps | |
| s3:chaos:field_samples | |
| s3:chaos:import_bucket | Ability to import a cloud-storage bucket in the Storage tab of the console |
| s3:chaos:inspect | |
| s3:chaos:model | |
| s3:chaos:metadata | |
| s3:chaos:native_group:create | Ability to create real-time object groups |
| s3:chaos:object_group:create | Ability to create ChaosSearch object groups |
| s3:chaos:object_group:update | Ability to update ChaosSearch object groups |
| s3:chaos:partition_keys | Ability to define and manage object group isolation keys |
| s3:chaos:view:create | Ability to create ChaosSearch views |
| s3:chaos:view:update | Ability to update ChaosSearch views |
| s3:chaos:cpg_indices | |
| elastic:* | Ability to access the Elasticsearch API |
| elastic:opendistro:* | Ability to access the Elasticsearch API |
| elastic-opendistro:* | Ability to access the Elasticsearch API |
| chaos:* | Ability to access all replica, query, and theme settings |
| chaos:datasets:reload | |
| chaos:datasets:replace | |
| chaos:replica:* | Ability to access all replica information (that is, compute allocation), initiate burst operations, and see the compute status |
| chaos:replica:burst | Ability to use burst (displays the Burst button on the console) |
| chaos:replica:status | Ability to see how many compute resources are allocated |
| chaos:replica:unknown | |
| chaos:query:* | Full access to query permissions |
| chaos:query:status | Ability to access the Query progress bar |
| chaos:query:migrate | |
| chaos:query:cancel | Ability to cancel a query (displays the Cancel button on the console) |
| chaos:query:pause | |
| chaos:query:quiesce | |
| chaos:query:get_task | |
| chaos:query:admin | |
| chaos:rolearn:validate | Ability to test the supplied role ARN for the user in the UI |
| chaos:tasks:admin | |
| chaos:theme:user | Ability to change the color scheme of the ChaosSearch UI |
| chaos:user:apikeys | Ability to view/change/use the API Access keys |
| chaos:user:credentials | Ability to view/change/modify the role ARN for the user |
| chaos:admin:metrics | |
| chaos:query:export:submit | Ability to submit Bulk Export queries |
| chaos:query:export:status | Ability to display Bulk Export status information |
| chaos:query:export:list | Ability to list the Bulk Export jobs |
| chaos:query:export:cancel | Ability to cancel a Bulk Export job |
| kibana:* | Full access to Search Analytics (formerly Kibana) permissions |
| kibana:saved-objects:* | Ability to manage all aspects of Search Analytics saved objects |
| kibana:saved-objects:read | Ability to view Search Analytics saved objects |
| kibana:saved-objects:create | Ability to create Search Analytics saved objects |
| kibana:saved-objects:update | Ability to update Search Analytics saved objects |
| kibana:saved-objects:delete | Ability to delete Search Analytics saved objects |
| kibana:query | Ability to use Search Analytics Discover |
| kibana-management:* | Ability to manage Search Analytics objects |
| kibana-management:import:* | Ability to import Search Analytics objects |
| kibana-management:export:* | Ability to export Search Analytics objects |
| kibana-settings:read | Ability to access Visualizations and Dashboards on the Search Analytics page |
| kibana-settings:write | Ability to create Visualizations and Dashboards on the Search Analytics page |
| kibana-opendistro:* | Ability to create Alerts on the Search Analytics page |
| kibana-opendistro:alerting | Ability to manage Search Analytics alerts |
| kibana-opendistro:alerting:* | All Search Analytics alerting permissions |
| kibana-opendistro:alerting:indices | Ability to see Search Analytics alert history |
| kibana-opendistro:alerting:settings | Ability to manage settings for Search Analytics alerts |
| kibana-opendistro:alerting:alerts:* | Ability to manage Search Analytics alerts |
| kibana-opendistro:alerting:alerts:read | Ability to view Search Analytics alerts |
| kibana-opendistro:alerting:alerts:update | Ability to update Search Analytics alerts |
| kibana-opendistro:alerting:destinations:* | Ability to manage Search Analytics destinations |
| kibana-opendistro:alerting:destinations:create | Ability to create Search Analytics destinations |
| kibana-opendistro:alerting:destinations:read | Ability to see/view Search Analytics destinations |
| kibana-opendistro:alerting:destinations:update | Ability to update Search Analytics destinations |
| kibana-opendistro:alerting:destinations:delete | Ability to delete Search Analytics destinations |
| kibana-opendistro:alerting:monitors:* | Ability to manage Search Analytics monitors |
| kibana-opendistro:alerting:monitors:execute | Ability to test/enable Search Analytics monitors |
| kibana-opendistro:alerting:monitors:create | Ability to create Search Analytics monitors |
| kibana-opendistro:alerting:monitors:read | Ability to see/view Search Analytics monitors |
| kibana-opendistro:alerting:monitors:update | Ability to update Search Analytics monitors |
| kibana-opendistro:alerting:monitors:delete | Ability to delete Search Analytics monitors |
| super:* | Ability to use SQL Analytics and the Apache Superset features |
| ui:* | Ability to access to all tabs of the ChaosSearch UI |
| ui:storage | Ability to access Storage in the console |
| ui:refinery | Ability to access Views in the console |
| ui:analytics | Ability to access Search Analytics in the console |
| ui:sql | Ability to access SQL Analytics in the console |
| ui:gai | Ability to access Chaos Assistant in the console |
| ui:dashboard | Ability to access System Dashboard in the console |
| ui:export | Ability to access the Bulk Export page in the console |
| gai:* | Ability to use Chaos Assistant and the generative AI console |
Updated 9 months ago