-
Notifications
You must be signed in to change notification settings - Fork 368
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REST APIs access permission control for different users based on https://github.com/opendistro-for-elasticsearch/security #334
Comments
Thanks for continuing to support this project. We are going to have a brief discussion about this today and will respond here with any questions. I think Ani wanted to set up a proper meeting to discuss this next week and I'm still figuring out who should be there from OSC. My goal is to keep this issue up to date with the various discussions so we have single record of where we are on it. |
Some steps,
Based on the above, user can
|
Wanted to share some of my thoughts about the step you outlined above for general discussion. I'd like to gauge community desire for these security functions. I haven't heard of people wanting this level of control over LTR index access, but that doesn't mean that need isn't out there. Separately form the first bit, this plugin is used by Elasticsearch and OpenDistro users today. We want to keep this balance and make sure contributions can benefit both communities. For the abilities you suggest, I'd like to discuss where those abilities would be helping. Using a rubric like this:
I also want to keep in mind how much code would need to be changed to gain these new abilities, that's what the |
Hi,
I am creating this issue to discuss a feature about users permission control for the below three scenarios.
We'd like to provide this feature by integrating with https://github.com/opendistro-for-elasticsearch/security. Basically we would associate each REST API with a transport action which can be controlled under opendistro security plugin. Define default roles for LTR plugin. Add some roles infos in each document, like model, feature set etc. to provide document level permission control.
What do you think? If need more details, I can provide it.
Best regards,
Jing
The text was updated successfully, but these errors were encountered: