Skip to main content
Version: 1.6.x

Elasticsearch privileges

If your Elasticsearch access is restricted by roles, you will need to make sure the right roles exist for TSB components.


For OAP, the necessary role permissions are described in the JSON below.

"cluster": ["manage_index_templates", "monitor"],
"indices": [
"names": ["skywalking_*"],
"privileges": ["manage", "read", "write"],
"allow_restricted_indices": false
"applications": [],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true

You can use cURL, Kibana console or any other tool to post this to the Elasticsearch server to create the role, then you can assign the role to the user OAP will be using.