Adding explanation for editing permissions 20230825 #6606
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
leanneeliatra
requested review from
hdhalter,
kolchfa-aws,
Naarcha-AWS,
vagimeli,
AMoo-Miki,
natebower,
dlvenable and
stephen-crawford
as code owners
leanneeliatra
changed the title
20 tasks
|
This PR is ready for review please. |
Naarcha-AWS
added
4 - Doc review
Naarcha-AWS
requested changes
Mar 7, 2024
There was a problem hiding this comment.
I think we should change this to a step through to make it more readable. Also, we should decide whether the role changes occur in Dashboards on in the configuration level? Specifically, do we need to run securityadmin.sh in order to DLS role changes to occur?
Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]>
Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]>
Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]>
Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]>
…dd edit DLS section Signed-off-by: [email protected] <[email protected]>
Signed-off-by: [email protected] <[email protected]>
Signed-off-by: [email protected] <[email protected]>
Naarcha-AWS
requested changes
Mar 21, 2024
Updates following review Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]>
Yes thanks a million for that in-depth review @Naarcha-AWS. Much appreciated. All comments have now been addressed. |
|
This should be ready to merge, all comments addressed from my end. They just need to be accepted. Thank you. cc @Naarcha-AWS |
Naarcha-AWS
approved these changes
Mar 26, 2024
Naarcha-AWS
added
5 - Editorial review
Naarcha-AWS
reviewed
Mar 26, 2024
Naarcha-AWS
reviewed
Mar 26, 2024
Naarcha-AWS
reviewed
Mar 26, 2024
Naarcha-AWS
reviewed
Mar 26, 2024
Naarcha-AWS
reviewed
Mar 26, 2024
Naarcha-AWS
reviewed
Mar 26, 2024
Signed-off-by: Naarcha-AWS <[email protected]>
natebower
requested changes
Mar 27, 2024
There was a problem hiding this comment.
@leanneeliatra @Naarcha-AWS Please see my comments and changes and let me know if you have any questions. I'd like to see the resolution to my comment on line 24 of the first file before approving. Thanks!
|
|
||
| A typical request to the `_search` API includes `{ "query": { ... } }` around the query, but in this case, you only need to specify the query itself. | ||
| Document-level security lets you restrict a role to a subset of documents in an index. | ||
| For more information about users and roles in OpenSearch, see the [documentation](https://opensearch.org/docs/latest/security/access-control/users-roles/#create-roles). |
There was a problem hiding this comment.
What documentation, specifically?
| 2. Choose **Security** > **Roles** | ||
| 3. Select **Create Role** and provide a name for the role. | ||
| 4. Review the **Index permissions** section and any necessary [index permissions](https://opensearch.org/docs/latest/security/access-control/permissions/) for the role. | ||
| 5. Add document-level security with the addition of a DSL query inside the `Document level security - optional` section. A typical request to the `_search` API includes the `{ "query": { ... } }` around the query, but when Document-level security in OpenSearch Dashboards, you only need to specify the query itself. For example, the following DSL query specifies that for the new role to have access to a document, the query's `genres` field must include `Comedy`: |
There was a problem hiding this comment.
Should DSL be defined on first appearance?
|
|
||
| 1. Choose **Security** > **Roles**. Under the **Create role** section, select **Explore existing roles**. | ||
| 1. Select the role you would like to edit. | ||
| 1. Choose **edit role** on the upper right. Make any updates you need to the role. |
There was a problem hiding this comment.
Clarify: "on the upper right of the screen"?
Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
natebower
approved these changes
Mar 27, 2024
Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: leanneeliatra <[email protected]>
hdhalter
added
3 - Done
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Mar 28, 2024
* adding explination for editing permissions Signed-off-by: [email protected] <[email protected]> * changed to a h3 to see if review dog will accept Signed-off-by: [email protected] <[email protected]> * Update _security/access-control/document-level-security.md Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * Update _security/access-control/document-level-security.md Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * Update _security/access-control/document-level-security.md Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * Update _security/access-control/document-level-security.md Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * Updates to both the users roles and DLS sections to reflect need to add edit DLS section Signed-off-by: [email protected] <[email protected]> * updating after reviewdog comments Signed-off-by: [email protected] <[email protected]> * updating roles in OpenSearch updates Signed-off-by: [email protected] <[email protected]> * Apply suggestions from code review Updates following review Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> * Update document-level-security.md Signed-off-by: Naarcha-AWS <[email protected]> * Update _security/access-control/document-level-security.md Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: leanneeliatra <[email protected]> --------- Signed-off-by: [email protected] <[email protected]> Signed-off-by: leanneeliatra <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Co-authored-by: Naarcha-AWS <[email protected]> Co-authored-by: Nathan Bower <[email protected]> (cherry picked from commit 6f8261b) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Naarcha-AWS
added a commit
that referenced
this pull request
Mar 28, 2024
* adding explination for editing permissions * changed to a h3 to see if review dog will accept * Update _security/access-control/document-level-security.md * Update _security/access-control/document-level-security.md * Update _security/access-control/document-level-security.md * Update _security/access-control/document-level-security.md * Updates to both the users roles and DLS sections to reflect need to add edit DLS section * updating after reviewdog comments * updating roles in OpenSearch updates * Apply suggestions from code review Updates following review * Apply suggestions from code review * Apply suggestions from code review * Update document-level-security.md * Update _security/access-control/document-level-security.md --------- (cherry picked from commit 6f8261b) Signed-off-by: [email protected] <[email protected]> Signed-off-by: leanneeliatra <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Naarcha-AWS <[email protected]> Co-authored-by: Nathan Bower <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
A customer submitted a query in relation to this page of the documentation:
https://opensearch.org/docs/latest/security/access-control/document-level-security/
Customer query
This document did not provide information on how edit the document level permissions.
Fix
To add a section in to address how to edit the document level permissions.
Issues Resolved
This ticket addresses one part of #4314
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.