We are currently using Elasticsearch 7.4.2, SearchGuard and Alerting Plugin 1.4.0. I have set up RBAC with specific roles, having permissions to view specific roles.
Now that I have added the alerting plugin, when these users log in they are not able to create alerts. I have tried creating a role as specified in the documentation and assigning the role to the user through the backend role, but it did not help.
Could you point me towards documentation where it is specified how the roles need to be created for the alerting plugin to work in the above scenario? When I go into the create monitor screen, this is what I see.
no permission for indices:monitor/settings/get
The documentation is not correct, and I’m sorry that it confused you.
Currently the Alerting plugin only supports the admin role to configure.
Any other roles cannot use alerting for now.
Thanks Tianli for the response, appreciate it.
We actually got it working with the following permissions. In case it helps others.
For index name you will have to provide the index against which you need alerting set up. I know it can turn counterproductive for a large number of indices, but for now we only have one index so we are good.
Thank you for sharing the permission setting that makes it possible to use the Alerting plugin!
I’m sure it will help others, and this is also a good resource for me.
Unfortunately I am unable to even select SGS_CRUD or SGS_MANAGE for Action groups.
Is there a non-standard plugin that needs to be installed?
Nope, no non-standard plugin was installed. Could you elaborate on what you mean by “unable to even select”?
Thank you very much for your answer. In the version of Open Distro I am using (1.8), the Action groups is a dropdown with options, and none of them are the two mentioned above.
Well, in my case, I directly modified the file, so maybe you could try the same.