Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce read-only view for Role Mapping Management #141802

Closed
legrego opened this issue Sep 26, 2022 · 1 comment · Fixed by #145411
Closed

Introduce read-only view for Role Mapping Management #141802

legrego opened this issue Sep 26, 2022 · 1 comment · Fixed by #145411
Assignees
@jeramysoucy
Labels
enhancement New value added to drive a business result Feature:Users/Roles/API Keys Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@legrego
Copy link
Member

legrego commented Sep 26, 2022

Elasticsearch introduced a new read_security cluster privilege via elastic/elasticsearch#89790, which is meant to be a read-only version of their manage_security cluster privilege.

The Role Mapping Management screen currently requires manage_security, but we should also allow for users with read_security to view a read-only version of this screen.
@legrego legrego added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! enhancement New value added to drive a business result Feature:Users/Roles/API Keys labels Sep 26, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego mentioned this issue Sep 26, 2022
Closed
@jeramysoucy jeramysoucy self-assigned this Oct 31, 2022
@jeramysoucy jeramysoucy mentioned this issue Nov 16, 2022
Merged
3 tasks
jeramysoucy added a commit that referenced this issue Nov 28, 2022
@jeramysoucy
Adds read-only view to role mappings management (#145411)
e5f5311 
Resolves #141802

## Summary

Adds read-only role mappings UI.

### ToDo

- [x] Update Unit Tests
- [x] Replace deprecated EUI components (EuiPageContent ->
EuiPageSection)
- [ ] Remove code editor read-only tooltip (only appears with delete
keypress) - Does not appear possible yet, this feature does not exist in
the react code editor component

## Testing

1. Create a user with `read_security` privileges and the `viewer` role
(Kibana admin role also works)
2. Login as that user and navigate to Stack Management > Role Mappings
3. There should be a message stating that there are no role mappings,
but no button to create one
4. Log in as a superuser to create role mappings that can be viewed
5. Log back in as the test user and verify a read-only view if the
created role mappings
6. Lather, rinse, repeat to check various UI modes (roles vs role
templates, rule visualization vs raw json)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeramysoucy jeramysoucy

Labels
enhancement New value added to drive a business result Feature:Users/Roles/API Keys Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adds read-only view to role mappings management jeramysoucy/kibana
3 participants
@legrego @elasticmachine @jeramysoucy