[SIEM] ML Permissions are verified on the backend #62532
Labels
enhancement
New value added to drive a business result
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
v7.8.0
v8.0.0
Comments
rylnd
added
enhancement
|
Pinging @elastic/siem (Team:SIEM) |
3 tasks
|
Related issue for ML: #62886 |
|
Closed by #65583 |
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prior to the availability of the ML plugin contract, we were unable to perform these checks.
This causes the following errant behaviors:
NB that in both of the above situations, the user must have a valid ML license (platinum/trial).
This might merit a separate PR, but rule execution is going to be even trickier: since the rule executes with the permissions of the last person who modified it, ML services will need to be refactored to accept a non-extended cluster client (currently they expect paths like
ml.jobswhich do not exist on the scoped alerting client). Even then, a user could lose their ML permissions and the job will happily continue to execute with its own (now outdated) copy of that user's permissions.The text was updated successfully, but these errors were encountered: