Machine learning job and rule requirements

edit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

To run and create machine learning jobs and rules, you need the appropriate user role.

Additionally, for custom roles, to configure alert suppression for machine learning rules, your role needs the following index privilege:

  • read permission for the .ml-anomalies-* index

For more information, go to Set up machine learning features.

Some roles give access to the results of all anomaly detection jobs, irrespective of whether the user has access to the source indices. Likewise, a user who has full or read-only access to machine learning features within a given Kibana space can view the results of all anomaly detection jobs that are visible in that space. You must carefully consider who is given these roles and feature privileges; anomaly detection job results may propagate field values that contain sensitive information from the source indices to the results.