-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hide management sections based on cluster privileges #35965
Comments
Pinging @elastic/kibana-security |
The License Management section should be included here too, since users without management privileges already can't make license changes. |
Hiding management for a space certainly will help to put more control where security around ES clusteris based and controlled by nginx or apache servers or some other solutions such as outh2, SSO etc. |
As a note, there are requests asking for the ability to remove/hide the management menu entirely rather than resolving the sub-items to be hidden based on privileges automatically. Thoughts? |
@arisonl currently, you can control access to the following features using "Feature Controls": If we introduced "Management" as a sibling feature, it'd be awkward to have to select both "Management" and the other features to make them visible or grant the user access. We could potentially move "Advanced Settings", "Index Pattern Management" and "Saved Object Management" to be children of "Management" once #35616 is implemented. However, this introduces some inconsistencies... When a user is given a role with all access to the "Management" feature, they wouldn't be granted access to all of the Management sections, as many of them are not integrated with the "Kibana Privileges" and relies on the user having various "Elasticsearch Privileges": It's for these reasons that we've decided to not introduce a "Management" feature and instead hide individual management sub-sections, and if all of them are hidden we'd hide the Management tab. |
We're currently always displaying the Elasticsearch, Beats and Security sections on the Management tab when the ES license includes the feature. We aren't taking into consideration the user's various cluster privileges and whether or not they should be able to access the management section at all. As part of the effort to hide the Management tab when the user doesn't have access to any of the actual management sub-sections, we'll want to hide these sections based on the user's cluster/index privileges.
The text was updated successfully, but these errors were encountered: