Allow defining privileges limited to a subset of a resource #34384
Labels
Meta
:Security/Security
Security issues without another label
Team:Security
Meta label for security team
When considering cluster actions, Security uses a binary decision based on the action name and the user's privileges. In order to meet the needs of our users, security should also take the actual resource into account like we do in the case of index level actions.
The team recently discussed this and we feel that it is possible to accomplish this using the existing infrastructure for security by inspecting requests and what they will be affecting. In terms of defining these privileges, the format developed as part of #32116; that is they would be defined under the
policy
field of a role.This issue will be used to track the overall progress of adding these new privilege restrictions.
The text was updated successfully, but these errors were encountered: