The step in solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md (PR: #6934 (comment)) will link to the TLS CCS privileges section as soon as #6934 is merged.
The text around the step describes TLS certificate authentication only. For API key authentication (which is the recommended method) roles are created on the local cluster only using remote_indices privileges; no remote cluster role is required.
Request:
- Update the step that starts "On both the local and remote clusters, create a role for {{ccs}} privileges …" to cover both authentication models. Specifically:
- For API key authentication: state that roles/users are created on the local cluster only and use remote_indices privileges (link to remote-clusters API key page).
- For TLS certificate authentication: keep the existing instruction that roles must be created on both clusters and link to the TLS cert subsection.
- Make the step explicit about which security model each substep applies to, and include direct links to the relevant sections.
Notes:
- The current minimal fix (linking directly to the TLS cert subsection) is fine for now, but we should implement the fuller change so the step is accurate for both auth models and avoids confusing readers (especially in light of the TLS method being deprecated).
- This is a documentation/content change only; no product changes required.
The step in solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md (PR: #6934 (comment)) will link to the TLS CCS privileges section as soon as #6934 is merged.
The text around the step describes TLS certificate authentication only. For API key authentication (which is the recommended method) roles are created on the local cluster only using remote_indices privileges; no remote cluster role is required.
Request:
Notes: