From 2932486cc50f928d1ec4bdb58be53f444b12e2ab Mon Sep 17 00:00:00 2001
From: Jackie Han <hnyng@amazon.com>
Date: Wed, 29 Jan 2025 03:05:45 -0800
Subject: [PATCH 1/3] add ingest pipeline and indices related permissions for
 anomaly_full_access role

Signed-off-by: Jackie Han <hnyng@amazon.com>
---
 config/roles.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/roles.yml b/config/roles.yml
index 51cd9006a1..9d4e6c7821 100644
--- a/config/roles.yml
+++ b/config/roles.yml
@@ -81,6 +81,8 @@ anomaly_full_access:
   cluster_permissions:
     - 'cluster:admin/opendistro/ad/*'
     - 'cluster_monitor'
+    - "cluster:admin/ingest/pipeline/put"
+    - "cluster:admin/ingest/pipeline/delete"
   index_permissions:
     - index_patterns:
         - '*'
@@ -90,6 +92,7 @@ anomaly_full_access:
         - 'indices:admin/mappings/fields/get*'
         - 'indices:admin/mappings/get'
         - 'indices:admin/resolve/index'
+        - 'indices:admin/setting/put'
         - 'indices:data/read/field_caps*'
         - 'indices:data/read/search'
         - 'indices_monitor'

From 220447bbb1a7ce67efbfb13475657f5c03f416eb Mon Sep 17 00:00:00 2001
From: Jackie Han <hnyng@amazon.com>
Date: Wed, 29 Jan 2025 03:08:59 -0800
Subject: [PATCH 2/3] cleanup

Signed-off-by: Jackie Han <hnyng@amazon.com>
---
 config/roles.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/roles.yml b/config/roles.yml
index 9d4e6c7821..c760c5f3a5 100644
--- a/config/roles.yml
+++ b/config/roles.yml
@@ -79,10 +79,10 @@ anomaly_read_access:
 anomaly_full_access:
   reserved: true
   cluster_permissions:
-    - 'cluster:admin/opendistro/ad/*'
-    - 'cluster_monitor'
     - "cluster:admin/ingest/pipeline/put"
     - "cluster:admin/ingest/pipeline/delete"
+    - 'cluster:admin/opendistro/ad/*'
+    - 'cluster_monitor'
   index_permissions:
     - index_patterns:
         - '*'

From 0139c974bba51d08ec2ea7ded946437d4a9f4848 Mon Sep 17 00:00:00 2001
From: Jackie Han <hnyng@amazon.com>
Date: Wed, 29 Jan 2025 03:11:05 -0800
Subject: [PATCH 3/3] cleanup

Signed-off-by: Jackie Han <hnyng@amazon.com>
---
 config/roles.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/roles.yml b/config/roles.yml
index c760c5f3a5..3c0e57ca6c 100644
--- a/config/roles.yml
+++ b/config/roles.yml
@@ -79,8 +79,8 @@ anomaly_read_access:
 anomaly_full_access:
   reserved: true
   cluster_permissions:
-    - "cluster:admin/ingest/pipeline/put"
     - "cluster:admin/ingest/pipeline/delete"
+    - "cluster:admin/ingest/pipeline/put"
     - 'cluster:admin/opendistro/ad/*'
     - 'cluster_monitor'
   index_permissions: