[ResponseOps] Add access to .alerting* for kibana_system role #143046
adcoelho merged 1 commit into elastic:main
Pinging @elastic/es-security (Team:Security)
kc13greiner
left a comment
Heya @adcoelho !
Can you provide some context about why the kibana_system user needs all privilege on this system index?
Hi @kc13greiner, thanks for reviewing. We are working on a new direction for "rules and alerts" that rewrites everything from scratch in a new architecture. Until now, the indexes we created were all named
cnasikas
left a comment
From a ResponseOps standpoint (naming of indices) LGTM!
Thanks for the info! You mention
@kc13greiner, atm not, we plan on using all of these as we did for the old
++ ok! Thanks for the discussion! Since it is a system index and all the privileges are required, we can accept this 👍
@kc13greiner and thanks for the approval 🙌 I fully understand where you are coming from wrt to granting the least amount of necessary permissions. It is just that in this case, we have needed the same in the past, I just need to update the index names 😁
…#254901)

Closes elastic/rna-program#144

## Summary

**This PR depends on: elastic/elasticsearch#143046

Renaming the alerting indexes:

```
.alerts-events -> .alerting-events
.alerts-actions -> .alerting-actions
```

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/rna-program/issues/146
Summary
For the alert engine refactor work (alerting v2), we need to allow the Kibana system user to access .alerting* indexes.