From c96ef307bff2cdf761511753edc6ba9ab0987fb8 Mon Sep 17 00:00:00 2001
From: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com>
Date: Tue, 17 May 2022 17:45:30 -0700
Subject: [PATCH] Add default roles for Notifications plugin (#1847)

Signed-off-by: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com>
(cherry picked from commit 25eda954114642a7b61ab033df8e48c804d7ff8b)
---
 securityconfig/roles.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/securityconfig/roles.yml b/securityconfig/roles.yml
index d64d822155..09c943dace 100644
--- a/securityconfig/roles.yml
+++ b/securityconfig/roles.yml
@@ -33,6 +33,7 @@ alerting_full_access:
     - 'cluster_monitor'
     - 'cluster:admin/opendistro/alerting/*'
     - 'cluster:admin/opensearch/alerting/*'
+    - 'cluster:admin/opensearch/notifications/feature/publish'
   index_permissions:
     - index_patterns:
         - '*'
@@ -155,6 +156,7 @@ index_management_full_access:
     - "cluster:admin/opendistro/ism/*"
     - "cluster:admin/opendistro/rollup/*"
     - "cluster:admin/opendistro/transform/*"
+    - "cluster:admin/opensearch/notifications/feature/publish"
   index_permissions:
     - index_patterns:
         - '*'
@@ -211,3 +213,17 @@ ml_full_access:
         - '*'
       allowed_actions:
         - 'indices_monitor'
+
+# Allows users to use all Notifications functionality
+notifications_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opensearch/notifications/*'
+
+# Allows users to read Notifications config/channels
+notifications_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opensearch/notifications/configs/get'
+    - 'cluster:admin/opensearch/notifications/features'
+    - 'cluster:admin/opensearch/notifications/channels/get'