Add apm_user permissions for non-service specific datasets #72737

Closed
simitt opened this issue May 5, 2021 · 1 comment
Labels
:Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v7.13.0

Comments

@simitt
Contributor

simitt commented May 5, 2021

Based on recent conversations around data streams for APM, there is no final decision yet that apm data streams will be created per instrumented Service. If datastreams are not created per service, the current pattern for the apm_user permissions needs to be adapted to not only support <type>-apm.* but also <type>-apm-*.

Following up on #68749 this means adding metrics-apm-*, logs-apm-* and traces-apm-* to the allowed patterns.

Since it was agreed on that this is considered a breaking change (#68749 (comment)) we should try to add the additional patterns in the same version (7.13).
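
To see what the two pattern forms discussed in this issue cover, here is an added example (not code from the issue or from Elasticsearch) that checks constructed data stream names against the existing `<type>-apm.*` patterns and against the set extended with `<type>-apm-*`. It assumes only `*` acts as a wildcard; the helper names and the sample data stream names are hypothetical.

```python
import re

# Pattern forms named in the issue, expanded for the three types it lists.
TYPES = ("logs", "metrics", "traces")
OLD_PATTERNS = [f"{t}-apm.*" for t in TYPES]                 # <type>-apm.*
NEW_PATTERNS = OLD_PATTERNS + [f"{t}-apm-*" for t in TYPES]  # plus <type>-apm-*

# Constructed sample names (not taken from the issue).
SAMPLE_NAMES = [
    "traces-apm.checkout-default",   # dataset carries a service suffix
    "metrics-apm.checkout-default",
    "logs-apm.checkout-default",
    "traces-apm-default",            # non-service specific
    "metrics-apm-default",
    "logs-apm-default",
    "traces-apmserver-default",      # similar prefix, should stay uncovered
    "metrics-system.cpu-default",    # unrelated dataset, should stay uncovered
]


def wildcard_to_regex(pattern):
    """Compile a wildcard pattern to a regex.

    Assumption: '*' matches any run of characters and every other
    character, including '.', is literal.
    """
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts))


def matching_patterns(name, patterns):
    """Return the patterns that cover the whole of `name`."""
    return [p for p in patterns if wildcard_to_regex(p).fullmatch(name)]


def uncovered(names, patterns):
    """Return the names that no pattern in `patterns` covers."""
    return [n for n in names if not matching_patterns(n, patterns)]


if __name__ == "__main__":
    for label, patterns in (("old", OLD_PATTERNS), ("new", NEW_PATTERNS)):
        print(label, "patterns leave uncovered:")
        for name in uncovered(SAMPLE_NAMES, patterns):
            print("   ", name)
```

The literal `.` in the existing form is why a name such as `traces-apm-default` falls outside it, and the literal `-` in the added form keeps names that merely share the `apm` prefix uncovered.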

@simitt simitt added >bug needs:triage Requires assignment of a team area label :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v7.13.0 and removed >bug labels May 5, 2021
@elasticmachine elasticmachine added the Team:Security Meta label for security team label May 5, 2021
@elasticmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

@simitt simitt removed Team:Security Meta label for security team needs:triage Requires assignment of a team area label labels May 5, 2021
simitt added a commit to simitt/elasticsearch that referenced this issue May 5, 2021
henningandersen pushed a commit that referenced this issue May 5, 2021
Based on recent conversations around data streams for APM, there is no final
decision yet that apm data streams will be created per instrumented Service.
If datastreams are not created per service, the current pattern for the apm_user
permissions needs to be adapted to not only support <type>-apm.* but also
<type>-apm-*.

fixes #72737
henningandersen pushed a commit that referenced this issue May 5, 2021
Based on recent conversations around data streams for APM, there is no final
decision yet that apm data streams will be created per instrumented Service.
If datastreams are not created per service, the current pattern for the apm_user
permissions needs to be adapted to not only support <type>-apm.* but also
<type>-apm-*.

fixes #72737