Skip to content

Add ESQL views privileges to kibana_system role#143455

Merged
mohamedhamed-ahmed merged 4 commits intoelastic:mainfrom
mohamedhamed-ahmed:add-kibana-system-esql-views-privileges
Mar 4, 2026
Merged

Add ESQL views privileges to kibana_system role#143455
mohamedhamed-ahmed merged 4 commits intoelastic:mainfrom
mohamedhamed-ahmed:add-kibana-system-esql-views-privileges

Conversation

@mohamedhamed-ahmed
Copy link
Copy Markdown
Contributor

@mohamedhamed-ahmed mohamedhamed-ahmed commented Mar 3, 2026
edited
Loading

Summary

Related to Add views for wired streams

As part of the above ticket, we need to manage views on startup and thus the need for ESLQ views privileges on the $. prefix for logs to be able to do so.

@mohamedhamed-ahmed mohamedhamed-ahmed requested a review from a team as a code owner March 3, 2026 11:06
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label external-contributor Pull request authored by a developer outside the Elasticsearch team and removed Team:Security Meta label for security team labels Mar 3, 2026
@mohamedhamed-ahmed mohamedhamed-ahmed added the Team:Security Meta label for security team label Mar 3, 2026
@elasticsearchmachine elasticsearchmachine removed the Team:Security Meta label for security team label Mar 3, 2026
@mohamedhamed-ahmed mohamedhamed-ahmed added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team labels Mar 3, 2026
@elasticsearchmachine
Copy link
Copy Markdown
Collaborator

elasticsearchmachine commented Mar 3, 2026

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine elasticsearchmachine removed the needs:triage Requires assignment of a team area label label Mar 3, 2026
jeramysoucy
jeramysoucy requested changes Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown

@jeramysoucy jeramysoucy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Is there a reason this PR is labeled with external-contributer, or is that just an error?

@mohamedhamed-ahmed
Copy link
Copy Markdown
Contributor Author

mohamedhamed-ahmed commented Mar 3, 2026

Is there a reason this PR is labeled with external-contributer, or is that just an error?

@jeramysoucy not sure TBH, the label was added automatically.
Will update the spreadsheet now.

jfreden
jfreden requested changes Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jfreden jfreden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The manage index privilege already covers this, so this change shouldn't be needed.

manage is indices:admin/*, manage_view is indices:admin/esql/view* and the PUT, GET and DELETE operations are indices:admin/esql/view/put|get|delete.

jfreden
jfreden approved these changes Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jfreden jfreden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jfreden jfreden removed the external-contributor Pull request authored by a developer outside the Elasticsearch team label Mar 3, 2026
jeramysoucy
jeramysoucy approved these changes Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown

@jeramysoucy jeramysoucy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving and noting that index pattern collision documentation needs to be updated here or wherever applicable regarding $.logs*

Could you create an issue or open a PR for this?

@mohamedhamed-ahmed
Copy link
Copy Markdown
Contributor Author

mohamedhamed-ahmed commented Mar 4, 2026
edited
Loading

Approving and noting that index pattern collision documentation needs to be updated here or wherever applicable regarding $.logs*

Could you create an issue or open a PR for this?

@jeramysoucy Thank you. Will sync on this with @mdbirnstiehl on the update of the docs and see if a ticket/PR is needed and do so 👍
Link for docs PR Add index patterns to avoid collisions section

@mohamedhamed-ahmed mohamedhamed-ahmed merged commit d8eb3a2 into elastic:main Mar 4, 2026
41 checks passed
@rgodfrey-elastic rgodfrey-elastic mentioned this pull request Mar 4, 2026
Merged
burqen pushed a commit to burqen/elasticsearch that referenced this pull request Mar 5, 2026
@mohamedhamed-ahmed @burqen
Add ESQL views privileges to kibana_system role (elastic#143455)
e7571a2 
* Add ESQL views privileges to kibana_system role

* updated indices to match views
This was referenced Mar 6, 2026
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeramysoucy jeramysoucy jeramysoucy approved these changes

@jfreden jfreden jfreden approved these changes

Assignees

No one assigned

Labels

>non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v9.4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mohamedhamed-ahmed @elasticsearchmachine @jeramysoucy @jfreden