Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] More fine-grained privileges with manage_index_templates & manage_pipelines #70121

Open
kunisen opened this issue Mar 9, 2021 · 3 comments
Open

[Feature Request] More fine-grained privileges with manage_index_templates & manage_pipelines #70121

kunisen opened this issue Mar 9, 2021 · 3 comments
Labels
>enhancement :ml Machine learning :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:ML Meta label for the ML team Team:Security Meta label for security team

Comments

@kunisen
Copy link
Contributor

kunisen commented Mar 9, 2021

Using the feature File Data Visualizer will require ingest_admin role.
This gives the manage_index_templates and manage_ingest_pipelines cluster role to the user.
https://www.elastic.co/guide/en/machine-learning/current/setup.html#setup-privileges
https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-roles.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html

However, this will expose all the index templates & policies etc to users.
Is there a way to provides stricter controls when allowing the use of data visualizer?
@kunisen kunisen added >enhancement :ml Machine learning :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC needs:triage Requires assignment of a team area label labels Mar 9, 2021
@elasticmachine elasticmachine added Team:ML Meta label for the ML team Team:Security Meta label for security team labels Mar 9, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/ml-core (Team:ML)

@ywangd
Copy link
Member

ywangd commented Mar 9, 2021

Related to #53110

@romseygeek romseygeek removed the needs:triage Requires assignment of a team area label label Mar 9, 2021
@colings86 colings86 mentioned this issue Sep 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>enhancement :ml Machine learning :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:ML Meta label for the ML team Team:Security Meta label for security team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@romseygeek @ywangd @elasticmachine @kunisen