Machine learning job and rule requirements

To run and create machine learning jobs and rules in serverless, you need the appropriate user role. In Elastic Stack, you need all of these:

  • The appropriate license
  • At least one machine learning node in your cluster
  • The machine_learning_admin user role

Additionally, to configure alert suppression for machine learning rules, your role needs the following index privilege:

  • read permission for the .ml-anomalies-* index

For more information, go to Set up machine learning features.

Important

Some roles (for example, in Elastic Stack, the machine_learning_admin and machine_learning_user built-in roles) give access to the results of all anomaly detection jobs, irrespective of whether the user has access to the source indices. Likewise, a user who has full or read-only access to machine learning features within a given Kibana space can view the results of all anomaly detection jobs that are visible in that space. You must carefully consider who is given these roles and feature privileges; anomaly detection job results may propagate field values that contain sensitive information from the source indices to the results.
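One way to review who can see anomaly detection results is to export users and roles and check them offline. The script below is an added example, not Elastic's own code: it flags enabled users who hold the built-in roles named above or read access to `.ml-anomalies-*`, and notes whether they can also read a given source index. The sample users, roles, and index names are constructed, shaped like the output of `GET _security/user` and `GET _security/role`, and the pattern matching is a simplification (plain wildcards only; only `read` and `all` are treated as read access).

```python
import fnmatch

# Built-in roles the page names as exposing results of all anomaly detection jobs.
ML_BUILTIN_ROLES = {"machine_learning_admin", "machine_learning_user"}
RESULTS_INDEX = ".ml-anomalies-shared"  # constructed name matching .ml-anomalies-*
READ_PRIVS = {"read", "all"}  # assumption: only these are treated as read access

# Constructed sample, shaped like the response of GET _security/role
ROLES = {
    "soc_analyst": {"indices": [{"names": ["logs-*"], "privileges": ["read"]}]},
    "suppression_editor": {"indices": [{"names": [".ml-anomalies-*"], "privileges": ["read"]}]},
    "hr_reader": {"indices": [{"names": ["hr-payroll-*"], "privileges": ["read"]}]},
}
# Constructed sample, shaped like the response of GET _security/user
USERS = {
    "alice": {"roles": ["soc_analyst", "machine_learning_user"], "enabled": True},
    "bob": {"roles": ["suppression_editor"], "enabled": True},
    "carol": {"roles": ["hr_reader"], "enabled": True},
    "dave": {"roles": ["hr_reader", "machine_learning_admin"], "enabled": False},
}

def can_read(role_names, index, roles):
    """True if any listed role grants read/all on a pattern matching index."""
    for name in role_names:
        for grant in roles.get(name, {}).get("indices", []):
            if READ_PRIVS & set(grant["privileges"]) and any(
                fnmatch.fnmatchcase(index, pat) for pat in grant["names"]
            ):
                return True
    return False

def audit(users, roles, source_index):
    """Map each enabled user who can see ML results to how, and to source access."""
    findings = {}
    for user, info in users.items():
        if not info.get("enabled", True):
            continue  # disabled accounts cannot log in; skipped here
        via_builtin = sorted(ML_BUILTIN_ROLES & set(info["roles"]))
        via_index = can_read(info["roles"], RESULTS_INDEX, roles)
        if via_builtin or via_index:
            findings[user] = {
                "via": via_builtin + ([".ml-anomalies-* read"] if via_index else []),
                "reads_source": can_read(info["roles"], source_index, roles),
            }
    return findings

if __name__ == "__main__":
    for user, finding in audit(USERS, ROLES, "hr-payroll-2024").items():
        print(user, finding)
```

Users reported with `reads_source` set to `False` are the ones to review first: they can view results derived from an index they cannot read directly.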