Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove code_user, code_admin roles and remove .code* index privileges for kibana_system role #49842

Closed
kobelb opened this issue Dec 4, 2019 · 2 comments · Fixed by #50068
Closed

Remove code_user, code_admin roles and remove .code* index privileges for kibana_system role #49842

kobelb opened this issue Dec 4, 2019 · 2 comments · Fixed by #50068
Assignees
@tvernum
Labels
:Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC

Comments

@kobelb
Copy link
Contributor

kobelb commented Dec 4, 2019

Since the experimental code application has now been removed from Kibana, we can remove or modify some of the existing reserved roles as well.

The code_user and code_admin roles can be removed entirely.

Additionally, the kibana_system role can be modified to remove the index-privileges for the code-* and code_internal-* indices.
@kobelb kobelb added the :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC label Dec 4, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Authorization)

@tvernum tvernum self-assigned this Dec 5, 2019
@tvernum
Copy link
Contributor

tvernum commented Dec 5, 2019

Thanks for raising this @kobelb.
It has been on my TODO list, but I didn't get around to opening an issue yet.

tvernum added a commit to tvernum/elasticsearch that referenced this issue Dec 11, 2019
@tvernum
Remove reserved roles for code search
837f500 
The "code_user" and "code_admin" reserved roles existed to support
code search which is no longer included in Kibana.

The "kibana_system" role included privileges to read/write from the
code search indices, but no longer needs that access.

Resolves: elastic#49842
@tvernum tvernum mentioned this issue Dec 11, 2019
Merged
tvernum added a commit that referenced this issue Dec 12, 2019
@tvernum
Remove reserved roles for code search (#50068)
e1f2f0f 
The "code_user" and "code_admin" reserved roles existed to support
code search which is no longer included in Kibana.

The "kibana_system" role included privileges to read/write from the
code search indices, but no longer needs that access.

Resolves: #49842
tvernum added a commit to tvernum/elasticsearch that referenced this issue Dec 12, 2019
@tvernum
Remove reserved roles for code search
51c014c 
The "code_user" and "code_admin" reserved roles existed to support
code search which is no longer included in Kibana.

The "kibana_system" role included privileges to read/write from the
code search indices, but no longer needs that access.

Resolves: elastic#49842
Backport of: elastic#50068
SivagurunathanV pushed a commit to SivagurunathanV/elasticsearch that referenced this issue Jan 23, 2020
@tvernum @SivagurunathanV
Remove reserved roles for code search (elastic#50068)
8513af8 
The "code_user" and "code_admin" reserved roles existed to support
code search which is no longer included in Kibana.

The "kibana_system" role included privileges to read/write from the
code search indices, but no longer needs that access.

Resolves: elastic#49842
This was referenced Feb 3, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tvernum tvernum

Labels
:Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove reserved roles for code search tvernum/elasticsearch
3 participants
@kobelb @tvernum @elasticmachine