Allow defining privileges limited to a subset of a resource #34384
Labels
Meta
:Security/Security
Security issues without another label
Team:Security
Meta label for security team
Comments
|
Pinging @elastic/es-security |
jaymode
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When considering cluster actions, Security uses a binary decision based on the action name and the user's privileges. In order to meet the needs of our users, security should also take the actual resource into account like we do in the case of index level actions.
The team recently discussed this and we feel that it is possible to accomplish this using the existing infrastructure for security by inspecting requests and what they will be affecting. In terms of defining these privileges, the format developed as part of #32116; that is they would be defined under the
policyfield of a role.This issue will be used to track the overall progress of adding these new privilege restrictions.
The text was updated successfully, but these errors were encountered: