From 88a711ea7097e01155effa63317a5c7d393a4525 Mon Sep 17 00:00:00 2001
From: Michael Peterson <michael.peterson@elastic.co>
Date: Wed, 20 Mar 2024 16:53:05 -0400
Subject: [PATCH] Allow users with read role to use the async_search/status
 endpoint

---
 .../core/security/authz/privilege/IndexPrivilege.java     | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
index ba00864148c24..a00bd01a996de 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
@@ -75,14 +75,20 @@
 public final class IndexPrivilege extends Privilege {
     private static final Logger logger = LogManager.getLogger(IndexPrivilege.class);
 
-    private static final Automaton ALL_AUTOMATON = patterns("indices:*", "internal:transport/proxy/indices:*");
+    private static final Automaton ALL_AUTOMATON = patterns(
+        "indices:*",
+        "internal:transport/proxy/indices:*",
+        "cluster:monitor/async_search/status"
+    );
     private static final Automaton READ_AUTOMATON = patterns(
         "indices:data/read/*",
+        "cluster:monitor/async_search/status",
         ResolveIndexAction.NAME,
         TransportResolveClusterAction.NAME
     );
     private static final Automaton READ_CROSS_CLUSTER_AUTOMATON = patterns(
         "internal:transport/proxy/indices:data/read/*",
+        "cluster:monitor/async_search/status",
         ClusterSearchShardsAction.NAME,
         TransportSearchShardsAction.TYPE.name(),
         TransportResolveClusterAction.NAME,