Change kibana_user and kibana_dashboard_only_user to use application privileges #32091
Labels
Comments
|
Pinging @elastic/es-security |
|
@kobelb this will prevent users from using kibana until kibana has also been upgraded if I understand correctly. I'm just pointing this out because we'll need to document this. |
That's a good point, and something we should definitely document because I can't think of a way around this. |
|
Closed by #32137 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Now that we have the application privileges in place, and we're reviewing elastic/kibana#19723 , we'll want to switch the
kibana_userandkibana_dashboard_only_userroles to utilize the new application privileges and no longer have direct access to the.kibana*indices.We'd like the
kibana_userrole to have theallprivilege on*resources; and thekibana_dashboard_only_userrole to have thereadprivilege on*resources.It should be noted that we won't want to merge this change until elastic/kibana#19723 merges, or else we risk making existing users with the
kibana_userroles non-functional.The text was updated successfully, but these errors were encountered: