Skip to content

Expand fleet-server privileges to include restricted indices#77531

Merged
ywangd merged 2 commits intoelastic:masterfrom
ywangd:fleet-server-restricted-indices
Sep 10, 2021
Merged

Expand fleet-server privileges to include restricted indices#77531
ywangd merged 2 commits intoelastic:masterfrom
ywangd:fleet-server-restricted-indices

Conversation

@ywangd
Copy link
Copy Markdown
Member

@ywangd ywangd commented Sep 10, 2021

Since #74212, all system indices are now treated as restricted indices,
which includes the fleet system indices. As a result, the fleet-server
server account needs privileges to access restricted indices under the
fleet-* namespace.

Relates: #74212

@ywangd
Expand fleet-server privileges to include restricted indices
ab2a65e 
Since elastic#74212, all system indices are now treated as restricted indices,
which includes the fleet system indices. As a result, the fleet-server
server account needs privileges to access restricted indices under the
fleet-* namespace.

Relates: elastic#74212
@ywangd ywangd added >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v8.0.0 labels Sep 10, 2021
@ywangd ywangd requested a review from tvernum September 10, 2021 00:18
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Sep 10, 2021
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Sep 10, 2021

Pinging @elastic/es-security (Team:Security)

@ywangd ywangd mentioned this pull request Sep 10, 2021
Closed
tvernum
tvernum approved these changes Sep 10, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ywangd ywangd merged commit 28503d7 into elastic:master Sep 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

@williamrandolph williamrandolph Awaiting requested review from williamrandolph

Assignees

No one assigned

Labels

>non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.0.0-alpha2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ywangd @elasticmachine @tvernum @jakelandis