### Release notes Advanced Search documentation has been updated to list the minimum security privileges required to integrate with Elasticsearch. Documentation: https://docs.gitlab.com/ee/integration/advanced_search/elasticsearch.html#elasticsearch-with-role-privileges <!-- Instructions: Use this template for a proof of concept or when a deeper technical evaluation is required. Please weigh tech evaluation issues and follow the instructions below accordingly. --> ### Topic to Evaluate We need to specify what are the minimum permissions needed by Gitlab to integrate with Elasticsearch from the entirety of [ES security privileges](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html) We currently don't have any guidelines for customers who are configuring Advanced Search and want to be mindful of security best practices. When providing an Elasticsearch username, we assume it's an administrator and has read/write access but we don't explicitly define what type of user role should be used or what type of cluster and index privileges are required. In my testing it's not required to use the built-in administrator role, but if you are creating an admin-like role to be used for the purposes of supplying it to GitLab for integration it would be useful to know what you should need at minimum. We should update our documentation to include the required list of security privileges a user must have for proper elasticsearch functionality. We should also consider documenting how to scope your roles to specific indexes for those who are security minded. Some immediate notes: - `cluster:monitor` and `index:all` for index pattern `gitlab-*` - `write` access is required `to perform all write operations to documents, which includes the permission to index, update, and delete documents as well as performing bulk operations, and allows the dynamic mapping updates as a result of these.` **Elasticsearch Documentation**: - https://www.elastic.co/guide/en/elasticsearch/reference/7.17/defining-roles.html - https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-privileges.html#privileges-list-indices **Slack convo for context:** - https://gitlab.slack.com/archives/C3TMLK465/p1645807188965549 **ZD Ticket:** - https://gitlab.zendesk.com/agent/tickets/270650 <!-- Label reminders Use the following resources to find the appropriate labels: - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/ --> ### Tasks to Evaluate <!-- Outline the tasks with issues that you need to evaluate as a part of the implementation issue --> Elasticsearch security privileges.