Skip to content

entityanalytics_ad: Allow rerouting permissions to write data to other data streams. #16076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 21, 2025
Merged

entityanalytics_ad: Allow rerouting permissions to write data to other data streams. #16076

merged 3 commits into from
Nov 21, 2025

Conversation

@kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Nov 21, 2025
edited
Loading

Proposed commit message

Make "data_stream.elasticsearch.dynamic_dataset" and 
"data_stream.elasticsearch.dynamic_namespace" settings to "true".
Without these settings, the permissions are not properly added to write 
data to "user" and "device" data streams and causes the error:

{\"type\":\"security_exception\",\"reason\":\"action [indices:data/write/bulk[s]] is unauthorized for API key id [REDACTED] of user [elastic/fleet-server] on indices [logs-entityanalytics_ad.user-default], this action is granted by the index privileges [create_doc,create,delete,index,write,all]\"}

Other "entityanalytics_*" integrations already have these settings.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@kcreddy kcreddy self-assigned this Nov 21, 2025
@kcreddy kcreddy added bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:entityanalytics_ad Active Directory Entity Analytics labels Nov 21, 2025
@kcreddy kcreddy marked this pull request as ready for review November 21, 2025 10:17
@kcreddy kcreddy requested a review from a team as a code owner November 21, 2025 10:17
@elasticmachine
Copy link

elasticmachine commented Nov 21, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine
Copy link

elasticmachine commented Nov 21, 2025

💚 Build Succeeded

cc @kcreddy

chemamartinez
chemamartinez approved these changes Nov 21, 2025
View reviewed changes
Copy link
Contributor

@chemamartinez chemamartinez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kcreddy kcreddy merged commit cbbd016 into elastic:main Nov 21, 2025
7 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Nov 21, 2025

Package entityanalytics_ad - 0.17.1 containing this change is available at https://epr.elastic.co/package/entityanalytics_ad/0.17.1/

@kcreddy kcreddy deleted the entity-ad-permissions branch November 21, 2025 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chemamartinez chemamartinez chemamartinez approved these changes

Assignees

@kcreddy kcreddy

Labels

bugfix Pull request that fixes a bug issue Integration:entityanalytics_ad Active Directory Entity Analytics Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kcreddy @elasticmachine @chemamartinez