WIP: Rules RBAC Role Updates #12

Closed
denar50 wants to merge 2 commits into rylnd:rules-rbac-new from denar50:rules-rbac-siemv5-role-update

@denar50 denar50 commented Nov 7, 2025

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
  • Review the backport guidelines and apply applicable backport:* labels.

Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

This updates prebuilt roles and those used in tests to:

* Reference siemv5 instead of the older siemv4
* Add the new `rules:read` or `rules:all` feature where appropriate

Without this change, our tests are implicitly testing the
`replacedBy`/"migration" path that existing users will follow. With that
version of the code being green, we can have confidence in the behavior
for existing users, and can then update our tests to use the latest
features, here.

@rylnd rylnd force-pushed the rules-rbac-siemv5-role-update branch from 9297b57 to 078d056 November 15, 2025 00:32
@rylnd rylnd changed the title from "WIP" to "WIP: Rules RBAC Role Updates" Dec 5, 2025

- feature_siemV5.execute_operations_all # Execute
- feature_siemV5.scan_operations_all
- feature_siemV5.workflow_insights_all
- feature_securitySolutionRulesV1.all

Owner

endpoint_operations_analyst should only be able to read rules, according to this spreadsheet. I've updated this on the corresponding project-controller PR; pushing an update here now, too.
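
An added example, not code from this PR or its project: a small Python audit that catches the kind of drift the review comment above describes, where a role holds `all` on rules although `read` is expected, or still carries siemv4 privileges. The `.read` privilege name, the `feature_siemV4.` key form, the expected-access mapping and the sample privilege lists are assumptions constructed for illustration; only `all` and `read` levels are considered.

```python
import re

RULES_FEATURE = "feature_securitySolutionRulesV1"  # feature key as it appears in the PR
LEGACY_PREFIX = "feature_siemV4."                  # assumed key form of the older siemv4
RANK = {"none": 0, "read": 1, "all": 2}

# Expected rules access per role. The single entry reflects the review comment;
# the mapping itself is a constructed stand-in for the spreadsheet it mentions.
EXPECTED = {"endpoint_operations_analyst": "read"}

# Constructed sample privilege lists (not the PR's actual role files).
SAMPLE_ROLES = {
    "endpoint_operations_analyst": [
        "feature_siemV5.execute_operations_all",
        "feature_securitySolutionRulesV1.all",
    ],
}


def rules_access(privileges):
    """Highest rules access granted by a privilege list: none, read or all."""
    level = "none"
    for priv in privileges:
        m = re.fullmatch(re.escape(RULES_FEATURE) + r"\.(all|read)", priv)
        if m and RANK[m.group(1)] > RANK[level]:
            level = m.group(1)
    return level


def audit_role(name, privileges, expected=EXPECTED):
    """Return findings for one role; an empty list means it matches expectations."""
    findings = [f"{name}: legacy privilege {p}" for p in privileges
                if p.startswith(LEGACY_PREFIX)]
    actual, want = rules_access(privileges), expected.get(name)
    if want is None:
        findings.append(f"{name}: no expected rules access recorded (has {actual})")
    elif RANK[actual] > RANK[want]:
        findings.append(f"{name}: rules access is {actual}, expected {want}")
    elif RANK[actual] < RANK[want]:
        findings.append(f"{name}: rules access is {actual}, expected {want} (missing)")
    return findings


if __name__ == "__main__":
    for role, privs in SAMPLE_ROLES.items():
        for finding in audit_role(role, privs):
            print(finding)
```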

rylnd commented Dec 8, 2025

Closing in favor of elastic#245576.

@rylnd rylnd closed this Dec 8, 2025