[8.x/Docs/Reporting] Update guidance for xpack.reporting.roles.enabled#203703
Conversation
tsullivan
added
release_note:skip
|
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here. |
tsullivan
added
v8.16.0
backport:version
clintandrewhall
left a comment
clintandrewhall
left a comment
There was a problem hiding this comment.
A couple of suggestions for consistency.
Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
jloleysens
left a comment
jloleysens
left a comment
There was a problem hiding this comment.
Overall LGTM, left a non-blocking question, but I may have misunderstood something.
| NOTE: In Kibana 8.x versions, the default `xpack.reporting.roles.enabled: true` setting uses an older access control model separate from {kib} application | ||
| privileges. The default model grants users with the built-in `reporting_user` role access to create any type of report in Kibana. Since the default model | ||
| is not based on {kib} application privileges, users that do not have permission to create reports will see {report-features} in Kibana, but will receive an | ||
| error if they attempt to request a report. The default model also does not allow API keys or authentication tokens to authorize report generation. Refer to |
There was a problem hiding this comment.
Interesting, I did not realise requesting reports would error under this model.
So the current default xpack.reporting.roles.enabled: true does not allow users to use reporting functionality at all if I'm following correctly?
There was a problem hiding this comment.
So the current default
xpack.reporting.roles.enabled: truedoes not allow users to use reporting functionality at all if I'm following correctly?
I hope this is actually clear in the docs - the default setting doesn't allow users to use the reporting functionality IF they do not have the reporting_user role.
There was a problem hiding this comment.
OK, that was my misunderstanding, I think it is clear enough!
Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>
|
Please do not merge this pull request. We disabled auto-merge because we are trying to merge a this big PR as part of sustainable architecture migration which is impossible with ever increasing stream of backports. We will resume the automerge after our PR is merged. Reach out to #sustainable-kibana-architecture for more info. |
|
Auto-merge has been re-enabled. Thank you for your patience. :heart |
5 participants
Summary
The purpose of this PR is to clarify the 8.x documentation of
xpack.reporting.roles.enabled, and to focus on wording that encourages users to setxpack.reporting.roles.enabled: falseas a way to take advantage of a newer access control model and grant users the least amount of privilege they need. This adds more explain to what thexpack.reporting.roles.enabledsetting actually does, and explain that these concerns are specific to 8.x.