[BeatsCM - NP] A way to check user roles in client and server #47362

Closed
mattapperson opened this issue Oct 4, 2019 · 3 comments
Labels
Feature:beats-cm Feature:New Platform Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@mattapperson
Contributor

In the current platform, BeatsCM checks user roles to decide if a user has permissions to use BeatsCM. We do this because we want to be able to warn users in the UI before they get an error when trying to do something that they cannot use beats for one of the following reasons:

  • Security is not enabled
  • The user does not have the correct roles.

That is to say we do a pre-flight check in order to notify users immediately.

This is not something that is currently a planned API for the new platform, and is honestly not desirable behavior in general as it is bypassing platform security.

Potential fixes:

  • Remove these checks, and instead do a pre-flight query of the BeatsCM created index to check for permissions. -- A higher level of effort than is desirable for BeatsCM at this time, and would alter the security model of the project (even if it is to improve it)
  • Expose the needed APIs to new platform -- Not ideal and opens the door for other plugins to use a feature we would rather not continue to see used in the new platform.

Ideally, we can find a low level of effort fix that could be easy to implement.
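
An added example, not part of the issue or of Kibana's code: a sketch contrasting the role-name pre-flight check described above with the privilege-based pre-flight check listed as the first potential fix. The role name, index name, privilege list and sample data are constructed placeholders; the request body follows Elasticsearch's has-privileges API (`POST /_security/user/_has_privileges`).

```typescript
// Added example; every name and sample value here is a constructed placeholder.
type Reason = "security_disabled" | "missing_role" | "missing_privileges";

interface User { username: string; roles: string[]; }
// Index section of a has-privileges response: index name -> privilege -> granted?
type IndexPrivileges = Record<string, Record<string, boolean>>;

const REQUIRED_ROLE = "example_beats_role";  // placeholder role name
const CM_INDEX = "example-beats-cm-index";   // placeholder index name
const NEEDED = ["read", "write"];            // assumed privileges the UI needs

// Body to send to POST /_security/user/_has_privileges for the current user.
function buildHasPrivilegesBody() {
  return { index: [{ names: [CM_INDEX], privileges: NEEDED }] };
}

// Role-name check: compares names, not what the user's roles actually grant.
function preflightByRole(securityEnabled: boolean, user: User): Reason[] {
  if (!securityEnabled) return ["security_disabled"];
  return user.roles.indexOf(REQUIRED_ROLE) !== -1 ? [] : ["missing_role"];
}

// Privilege check: passes only if every needed privilege is explicitly granted.
function preflightByPrivileges(securityEnabled: boolean, index: IndexPrivileges): Reason[] {
  if (!securityEnabled) return ["security_disabled"];
  const granted = index[CM_INDEX] || {};
  const missing = NEEDED.filter((p) => granted[p] !== true);
  return missing.length === 0 ? [] : ["missing_privileges"];
}

// Constructed sample: a user whose custom role grants the index privileges
// but does not carry the expected role name.
const SAMPLE_USER: User = { username: "ops-user", roles: ["custom_ops_role"] };
const SAMPLE_GRANTED: IndexPrivileges = {
  "example-beats-cm-index": { read: true, write: true },
};
// Constructed sample: read-only access to the same index.
const SAMPLE_READ_ONLY: IndexPrivileges = {
  "example-beats-cm-index": { read: true, write: false },
};
```

With the sample user, the role-name check reports `missing_role` although the cluster would allow the operation, while the privilege check reports nothing; the read-only sample is flagged only by the privilege check.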

@mattapperson mattapperson added Feature:New Platform Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:beats-cm labels Oct 4, 2019
@elasticmachine
Contributor

Pinging @elastic/kibana-security (Team:Security)

@mattapperson
Contributor Author

// cc @restrry

@legrego
Member

legrego commented Sep 15, 2020

Resolved via #67791

@legrego legrego closed this as completed Sep 15, 2020