New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Update session viewer Policy permissions to use Policy specific check #160448
Conversation
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
…olicy specific check (elastic#160448) ## Summary This PR updates the session viewer code to use the `canReadPolicyManagement ` permission as opposed to `canAccessEndpointManagement`. This is because `canAccessEndpointManagement` requires super user permissions while `canReadPolicyManagement` which is a more specific permission. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 6a9e8d4)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
… use Policy specific check (#160448) (#161127) # Backport This will backport the following commits from `main` to `8.9`: - [[Security Solution] Update session viewer Policy permissions to use Policy specific check (#160448)](#160448) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kevin Logan","email":"56395104+kevinlog@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-07-03T16:53:46Z","message":"[Security Solution] Update session viewer Policy permissions to use Policy specific check (#160448)\n\n## Summary\r\n\r\nThis PR updates the session viewer code to use the\r\n`canReadPolicyManagement ` permission as opposed to\r\n`canAccessEndpointManagement`. This is because\r\n`canAccessEndpointManagement` requires super user permissions while\r\n`canReadPolicyManagement` which is a more specific permission.\r\n\r\n\r\n### Checklist\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"6a9e8d422cc1e27089615429152b175f075790a7","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Defend Workflows","v8.9.0","v8.10.0"],"number":160448,"url":"#160448 Solution] Update session viewer Policy permissions to use Policy specific check (#160448)\n\n## Summary\r\n\r\nThis PR updates the session viewer code to use the\r\n`canReadPolicyManagement ` permission as opposed to\r\n`canAccessEndpointManagement`. This is because\r\n`canAccessEndpointManagement` requires super user permissions while\r\n`canReadPolicyManagement` which is a more specific permission.\r\n\r\n\r\n### Checklist\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"6a9e8d422cc1e27089615429152b175f075790a7"}},"sourceBranch":"main","suggestedTargetBranches":["8.9"],"targetPullRequestStates":[{"branch":"8.9","label":"v8.9.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"#160448 Solution] Update session viewer Policy permissions to use Policy specific check (#160448)\n\n## Summary\r\n\r\nThis PR updates the session viewer code to use the\r\n`canReadPolicyManagement ` permission as opposed to\r\n`canAccessEndpointManagement`. This is because\r\n`canAccessEndpointManagement` requires super user permissions while\r\n`canReadPolicyManagement` which is a more specific permission.\r\n\r\n\r\n### Checklist\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"6a9e8d422cc1e27089615429152b175f075790a7"}}]}] BACKPORT--> Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com>
…olicy specific check (elastic#160448) ## Summary This PR updates the session viewer code to use the `canReadPolicyManagement ` permission as opposed to `canAccessEndpointManagement`. This is because `canAccessEndpointManagement` requires super user permissions while `canReadPolicyManagement` which is a more specific permission. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Summary
This PR updates the session viewer code to use the
canReadPolicyManagement
permission as opposed tocanAccessEndpointManagement
. This is becausecanAccessEndpointManagement
requires super user permissions whilecanReadPolicyManagement
which is a more specific permission.Checklist