Skip to content

[8.0] [ML] Retain built-in ML roles granting Kibana privileges (#80014) #80018

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 28, 2021
Merged

[8.0] [ML] Retain built-in ML roles granting Kibana privileges (#80014) #80018

merged 2 commits into from
Oct 28, 2021

Conversation

droberts195
Copy link
Contributor

Backports the following commits to 8.0:

@droberts195
[ML] Retain built-in ML roles granting Kibana privileges (elastic#80014)
af89f06 
The machine_learning_admin and machine_learning_user roles
in Elasticsearch also grant access to the ML pages in Kibana.

At one time it was intended that this should change in 8.0,
so that ML privileges in Kibana would be completely separate.

However, our thinking has now changed. An administrator cannot
give a user the Elasticsearch backend roles and expect Kibana
privileges alone to then stop that user from using ML - the
user could just switch to curl or even Kibana dev console (which
uses backend privileges rather than Kibana privileges). So it's
clearer what is really being permitted if the backend roles
continue to allow access to the ML UI as well as the ML backend
endpoints. There's nothing the user can see in the ML UI that
they couldn't find out by calling ML Elasticsearch endpoints
directly and rendering the responses in a more graphical way.
@droberts195 droberts195 added auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport labels Oct 28, 2021
@elasticsearchmachine elasticsearchmachine mentioned this pull request Oct 28, 2021
Merged
@droberts195
Copy link
Contributor Author

@elasticmachine update branch

@elasticsearchmachine elasticsearchmachine merged commit b17d96b into elastic:8.0 Oct 28, 2021
@droberts195 droberts195 deleted the backport/8.0/pr-80014 branch October 28, 2021 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport v8.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@droberts195 @jakelandis @elasticsearchmachine @elasticmachine