Add Kibana application privileges for monitoring and ml reserved roles #40651
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
polyfractal
added
the
:Security/Authorization
|
Pinging @elastic/es-security |
bizybot
approved these changes
Apr 4, 2019
...src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
Outdated
Show resolved
Hide resolved
...src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
Outdated
Show resolved
Hide resolved
...src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
Outdated
Show resolved
Hide resolved
Sure, you got it! Thanks @bizybot |
kobelb
added a commit
that referenced
this pull request
Apr 5, 2019
#40651) * Add Kibana application privileges for monitoring and ml reserved roles * Adding test for kibana-.kibana application explicitly * Whoa there, fat fingered kibana and application... * And I copied something from monitoring I shouldn't have... * And actually doing what Yogesh recommended...
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Apr 6, 2019
* master: (63 commits) Suppress lease background sync failures if stopping (elastic#40902) [DOCS] Added settings page for ILM. (elastic#40880) [Docs] Remove extraneous text (elastic#40914) Move test classes to test root in Painless (elastic#40873) Fix date index name processor default date_formats (elastic#40915) Source additional files correctly in elasticsearch-cli (elastic#40890) Allow AVX-512 on JDK 11+ (elastic#40828) [Docs] Change example to show col headers (elastic#40822) Update apache httpclient to version 4.5.8 (elastic#40875) Update monitoring-kibana.json (elastic#40899) Introduce Delegating ActionListener Wrappers (elastic#40129) Deprecate old transport settings (elastic#40821) Add Kibana application privileges for monitoring and ml reserved roles (elastic#40651) Use Writeable for TransportReplAction derivatives (elastic#40894) Add test for HTTP and Transport TLS on basic license (elastic#40714) Remove unneded cluster config from test (elastic#40856) Make Fuzziness reject illegal values earlier (elastic#33511) Remove test-only customisation from TransReplAct (elastic#40863) Fix dense/sparse vector limit documentation (elastic#40852) Make -try xlint warning disabled by default. (elastic#40833) ...
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Apr 6, 2019
* master: (77 commits) Suppress lease background sync failures if stopping (elastic#40902) [DOCS] Added settings page for ILM. (elastic#40880) [Docs] Remove extraneous text (elastic#40914) Move test classes to test root in Painless (elastic#40873) Fix date index name processor default date_formats (elastic#40915) Source additional files correctly in elasticsearch-cli (elastic#40890) Allow AVX-512 on JDK 11+ (elastic#40828) [Docs] Change example to show col headers (elastic#40822) Update apache httpclient to version 4.5.8 (elastic#40875) Update monitoring-kibana.json (elastic#40899) Introduce Delegating ActionListener Wrappers (elastic#40129) Deprecate old transport settings (elastic#40821) Add Kibana application privileges for monitoring and ml reserved roles (elastic#40651) Use Writeable for TransportReplAction derivatives (elastic#40894) Add test for HTTP and Transport TLS on basic license (elastic#40714) Remove unneded cluster config from test (elastic#40856) Make Fuzziness reject illegal values earlier (elastic#33511) Remove test-only customisation from TransReplAct (elastic#40863) Fix dense/sparse vector limit documentation (elastic#40852) Make -try xlint warning disabled by default. (elastic#40833) ...
gurkankaymak
pushed a commit
to gurkankaymak/elasticsearch
that referenced
this pull request
May 27, 2019
elastic#40651) * Add Kibana application privileges for monitoring and ml reserved roles * Adding test for kibana-.kibana application explicitly * Whoa there, fat fingered kibana and application... * And I copied something from monitoring I shouldn't have... * And actually doing what Yogesh recommended...
droberts195
added a commit
to droberts195/stack-docs
that referenced
this pull request
May 31, 2019
Users who create roles that are similar to the reserved roles need to know about these. The privileges were added to the reserved roles in elastic/elasticsearch#40651 and elastic/elasticsearch#42757
droberts195
added a commit
to elastic/stack-docs
that referenced
this pull request
Jun 5, 2019
Users who create roles that are similar to the reserved roles need to know about these. The privileges were added to the reserved roles in elastic/elasticsearch#40651 and elastic/elasticsearch#42757 Co-Authored-By: Lisa Cawley <[email protected]>
droberts195
added a commit
to elastic/stack-docs
that referenced
this pull request
Jun 5, 2019
Users who create roles that are similar to the reserved roles need to know about these. The privileges were added to the reserved roles in elastic/elasticsearch#40651 and elastic/elasticsearch#42757 Co-Authored-By: Lisa Cawley <[email protected]>
droberts195
added a commit
to elastic/stack-docs
that referenced
this pull request
Jun 5, 2019
Users who create roles that are similar to the reserved roles need to know about these. The privileges were added to the reserved roles in elastic/elasticsearch#40651 and elastic/elasticsearch#42757 Co-Authored-By: Lisa Cawley <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To enable Feature Controls we'd like the ability to only show the Machine Learning and Monitoring applications when the user has the assigned reserved role. To do so, we're augmenting these reserved roles with the privileges which are necessary to make this determination. These roles grant access to
kibana-*, so that in a multi-tenant deployment of Kibana, users will get access to these applications in the same way that they do today.