From 67b2e7ff83788ba5a8d13acbbad726fe51caf407 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Thu, 21 Nov 2019 15:09:17 -0500 Subject: [PATCH] Feature Controls - adds matrix for feature availability (#39078) * document feature availability * move feature table --- .../security/authorization/index.asciidoc | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/docs/user/security/authorization/index.asciidoc b/docs/user/security/authorization/index.asciidoc index 0106ba75652ad..dad2f62bd8ffa 100644 --- a/docs/user/security/authorization/index.asciidoc +++ b/docs/user/security/authorization/index.asciidoc @@ -26,9 +26,6 @@ Open the **Spaces** selection control to specify whether to grant the role acces Use the **Privilege** menu to grant access to features. The default is **Custom**, which you can use to grant access to individual features. Otherwise, you can grant read and write access to all current and future features by selecting **All**, or grant read access to all current and future features by selecting **Read**. -[IMPORTANT] -If a feature is hidden using the Spaces disabled features, it will remain hidden even if the user has the necessary privileges. - When using the **Customize by feature** option, you can choose either **All**, **Read** or **None** for access to each feature. As new features are added to Kibana, roles that use the custom option do not automatically get access to the new features. You must manually update the roles. NOTE: Machine Learning and Stack Monitoring rely on built-in roles to grant access. When a user is assigned the appropriate roles, the Machine Learning and Stack Monitoring application are available; otherwise, these applications are not visible. @@ -39,6 +36,30 @@ To apply your changes, click **Create space privilege**. The space privilege sho [role="screenshot"] image::user/security/images/create-space-privilege.png[Create space privilege] +==== Feature availability + +Features are available to users when their roles grant access to the features, **and** those features are visible in their current space. The following matrix explains when features are available to users when controlling access via <> and role-based access control: + +|=== +|**Spaces config** |**Role config** |**Result** + +|Feature hidden +|Feature disabled +|Feature not available + +|Feature hidden +|Feature enabled +|Feature not available + +|Feature visible +|Feature disabled +|Feature not available + +|Feature visible +|Feature enabled +|**Feature available** +|=== + ==== Assigning different privileges to different spaces Using the same role, it’s possible to assign different privileges to different spaces. After you’ve added space privileges, click **Add space privilege**. If you’ve already added privileges for either *** Global (all spaces)** or an individual space, you will not be able to select these in the **Spaces** selection control.