[DOCS] Security domain splitting impacts API keys #88677
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
n1v0lg
added
>docs
n1v0lg
commented
Jul 21, 2022
| @@ -22,7 +22,8 @@ Some types of resources in {es} are owned by a single user, such as | |||
| <<async-search,async search contexts>>, <<security-api-create-api-key,API keys>>, | |||
| and <<user-profile,user profiles>>. When a user creates a resource, {es} | |||
| captures the user's username and realm information as part of the resource's | |||
| metadata. | |||
| metadata. Likewise, if a user updates a resource, such as an API key, | |||
There was a problem hiding this comment.
Not strictly necessary but feels like a worthwhile callout. It makes the transition to the next paragraph slightly more clunky so I can drop the proposed change/push it somewhere else.
n1v0lg
commented
Jul 21, 2022
x-pack/docs/en/security/authentication/security-domain.asciidoc
Outdated
Show resolved
Hide resolved
elasticsearchmachine
added
Team:Docs
|
Pinging @elastic/es-docs (Team:Docs) |
|
Pinging @elastic/es-security (Team:Security) |
|
@lockewritesdocs being mindful of on-week next week, I've requested your review now although there is still the possibility that the current content is not what we want. For your review, lets assume that it is. If @ywangd agrees with the current form on Monday, we will be able to merge before feature freeze. Otherwise, we will defer until after feature freeze. This should be fine, since it's a small doc change as opposed to feature work. Cheers! |
ywangd
approved these changes
Jul 25, 2022
lockewritesdocs
approved these changes
Jul 27, 2022
x-pack/docs/en/security/authentication/security-domain.asciidoc
Outdated
Show resolved
Hide resolved
n1v0lg
added
v8.4.0
auto-backport
n1v0lg
added a commit
to n1v0lg/elasticsearch
that referenced
this pull request
Jul 28, 2022
This PR documents the impact of domain splitting on API keys. API key ownership is determined via username and user realm information, including the user's security domain. API key ownership is shared across users with the same username that are part of the same security domain. A user loses ownership over an API key if their realm is removed from the security domain that previously enabled ownership through cross-realm resource sharing.
💚 Backport successful
|
n1v0lg
added a commit
that referenced
this pull request
Jul 28, 2022
This PR documents the impact of domain splitting on API keys. API key ownership is determined via username and user realm information, including the user's security domain. API key ownership is shared across users with the same username that are part of the same security domain. A user loses ownership over an API key if their realm is removed from the security domain that previously enabled ownership through cross-realm resource sharing.
weizijun
added a commit
to weizijun/elasticsearch
that referenced
this pull request
Jul 29, 2022
* upstream/main: Add 8.5 migration docs (elastic#88923) Script: Reindex & UpdateByQuery Metadata (elastic#88665) Remove unused plugins dir var from server CLI (elastic#88917) Use tracing API in TaskManager (elastic#88885) Add source fallback for keyword fields using operation (elastic#88735) Prune changelogs after 8.3.3 release Bump versions after 8.3.3 release Add a test for checking for misspelled "dry_run" parameters for Desired Nodes API (elastic#88898) Speedup BalanceUnbalancedClusterTests (elastic#88794) Preventing exceptions on node shutdown in integration tests (elastic#88827) Do not trigger check part3 for test mute and docs PRs (elastic#88895) Add troubleshooting docs about data corruption (elastic#88760) Mute RollupActionSingleNodeTests#testRollupDatastream (elastic#88891) [DOCS] Domain splitting impacts API keys (elastic#88677) Fix SqlSearchIT testAllTypesWithRequestToOldNodes (elastic#88866) (elastic#88883) Update synthetic-source.asciidoc (elastic#88880) Log more details in TaskAssertions (elastic#88864) Make Tuple a record (elastic#88280)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR documents the impact of domain splitting on API keys. API key
ownership is determined via username and user realm information,
including the user's security domain. API key ownership is shared
across users with the same username that are part of the same security
domain. A user loses ownership over an API key if their realm is
removed from the security domain that previously enabled ownership
through cross-realm resource sharing.