Skip to content

[DOCS] Add disclaimer that X-Pack Security users inherit anonymous roles #31589

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
n0othing opened this issue Jun 26, 2018 · 2 comments
Open

[DOCS] Add disclaimer that X-Pack Security users inherit anonymous roles #31589

n0othing opened this issue Jun 26, 2018 · 2 comments
Labels
>docs General docs changes :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team

Comments

@n0othing
Copy link
Member

n0othing commented Jun 26, 2018
edited
Loading

When Anonymous Access is enabled, all other users will inherit whichever roles you assign your anonymous user. We should document this behavior as it can cause some confusing results (e.g an explicit user is given access to indices X/Y/Z, but also has access to index A thanks to xpack.security.authc.anonymous.roles).

Ideally, _es_anonymous_user should be the least privileged user, but it's not always the case.
@n0othing n0othing added >enhancement >docs General docs changes labels Jun 26, 2018
@tvernum tvernum added the :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC label Jun 27, 2018
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@jkakavas jkakavas mentioned this issue Sep 27, 2019
Closed
@jrodewig
Copy link
Contributor

jrodewig commented Oct 7, 2019

[docs issue triage]

Leaving open. This is still relevant:
https://www.elastic.co/guide/en/elastic-stack-overview/master/anonymous-access.html

@ywangd ywangd mentioned this issue Mar 18, 2020
Merged
@rjernst rjernst added Team:Docs Meta label for docs team Team:Security Meta label for security team labels May 4, 2020
@lockewritesdocs lockewritesdocs removed the Team:Docs Meta label for docs team label Apr 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>docs General docs changes :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rjernst @tvernum @n0othing @elasticmachine @lockewritesdocs @jrodewig