Granting editor and viewer roles access to alerts-as-data indices #81285

Merged: marshallmain merged 1 commit into master from alerts-as-data-viewer-editor on Dec 6, 2021

@marshallmain
Contributor

Summary

Elasticsearch has built-in editor and viewer roles that grant access to all features in Kibana. This PR adds the necessary index patterns and privileges to those roles to allow access to the new alerts-as-data indices. (Alerts as Data)

@elasticsearchmachine added the v8.1.0 and external-contributor (Pull request authored by a developer outside the Elasticsearch team) labels on Dec 3, 2021
@marshallmain added the :Security/Authorization (Roles, Privileges, DLS/FLS, RBAC/ABAC), >enhancement, auto-backport (Automatically create backport pull requests when merged), Team:Security (Meta label for security team) and v8.0.0 labels on Dec 3, 2021
@marshallmain marked this pull request as ready for review on December 3, 2021 08:12
@elasticmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

@bytebilly
Contributor

@marshallmain thanks for creating this. From previous discussions, I found that .kibana-alerts-securitysolution.alerts may be part of the story, but I have no context to validate that.
Could you please take a look? Thanks!

@marshallmain
Contributor Author

@bytebilly Indices and aliases starting with .kibana was one of the initial suggestions for alerts-as-data index naming, but it was decided to use .alerts instead. Thanks for the feedback!

Contributor

@tvernum left a comment

LGTM

@marshallmain merged commit 9170d57 into master on Dec 6, 2021
@marshallmain deleted the alerts-as-data-viewer-editor branch on December 6, 2021 16:18
marshallmain added a commit to marshallmain/elasticsearch that referenced this pull request on Dec 6, 2021
@elasticsearchmachine
Collaborator

💚 Backport successful

Branch: 8.0

ywangd pushed a commit that referenced this pull request Dec 19, 2021
…or roles (#81285) (#81379)

Backports the following commits to 8.0:

* Add alerts-as-data indices to privileges for built-in viewer and editor roles (Granting editor and viewer roles access to alerts-as-data indices #81285)

Labels

auto-backport (Automatically create backport pull requests when merged), >enhancement, external-contributor (Pull request authored by a developer outside the Elasticsearch team), :Security/Authorization (Roles, Privileges, DLS/FLS, RBAC/ABAC), Team:Security (Meta label for security team), v8.0.0-rc1, v8.1.0
