[docs] Document new role description field#108422
[docs] Document new role description field#108422slobodanadamovic merged 37 commits intoelastic:mainfrom
Conversation
|
Documentation preview: |
| + "as well as updating user profile data for the kibana-* namespace. " | ||
| + "Additionally, this role grants read access to the .monitoring-* indices " | ||
| + "and read and write access to the .reporting-* indices. " | ||
| + "Note: This role should not be assigned to users as the granted permissions may change between releases." |
There was a problem hiding this comment.
This is a verbatim copy of kibana_system role's description. The documentation seems to be outdated, since the permissions have changed quite a lot since the documentation was first written.
Not sure if we should cover them all. But I do think it's worth revisiting description to be more explicit in stating that this its intention is for system use by Kibana and that it should not be granted to regular users.
There was a problem hiding this comment.
Ah good catch! I can take this back to my team to discuss updates, but I think this is fine for now.
There was a problem hiding this comment.
Sounds good to me.
The superuser role is not 1-1 serialized when persisted as limited-by.
superuser role now has description which is not stored in API keys
| * would be inconsistent and require handling backwards compatibility. | ||
| * Hence why we have to remove them before create/update of API key roles. | ||
| */ | ||
| static Set<RoleDescriptor> removeUserRoleDescriptorDescriptions(Set<RoleDescriptor> userRoleDescriptors) { |
There was a problem hiding this comment.
Made package protected for testing.
7c4bddc to
3440fbf
Compare
|
Pinging @elastic/es-docs (Team:Docs) |
|
Pinging @elastic/es-security (Team:Security) |
| + "as well as updating user profile data for the kibana-* namespace. " | ||
| + "Additionally, this role grants read access to the .monitoring-* indices " | ||
| + "and read and write access to the .reporting-* indices. " | ||
| + "Note: This role should not be assigned to users as the granted permissions may change between releases." |
There was a problem hiding this comment.
Ah good catch! I can take this back to my team to discuss updates, but I think this is fine for now.
shainaraskas
left a comment
There was a problem hiding this comment.
docs lgtm with a couple of small comments
Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com>
This PR adds missing role description for the `transport_client role`, and a test to enforce that all reserved roles are described. The description also serves as self-documentation for roles, thus it is reasonable to make this a requirement for all reserved roles. Relates to #108422, which included descriptions for other reserved roles.
Update API docs to include new
descriptionfield (introduced in #107088) and add descriptions for all built-in roles.