Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hide management sections based on cluster privileges #35965

Closed
kobelb opened this issue May 2, 2019 · 5 comments · Fixed by #67791
Closed

Hide management sections based on cluster privileges #35965

kobelb opened this issue May 2, 2019 · 5 comments · Fixed by #67791
Assignees
@legrego
Labels
enhancement New value added to drive a business result Feature:Security/Feature Controls Platform Security - Spaces & Role Mgmt feature controls ReleaseStatus Item of high enough importance that it should be called out in release status meetings Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@kobelb
Copy link
Contributor

kobelb commented May 2, 2019

We're currently always displaying the Elasticsearch, Beats and Security sections on the Management tab when the ES license includes the feature. We aren't taking into consideration the user's various cluster privileges and whether or not they should be able to access the management section at all. As part of the effort to hide the Management tab when the user doesn't have access to any of the actual management sub-sections, we'll want to hide these sections based on the user's cluster/index privileges.
@kobelb kobelb added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label May 2, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security

@kobelb kobelb added Feature:Security/Feature Controls Platform Security - Spaces & Role Mgmt feature controls enhancement New value added to drive a business result labels May 2, 2019
@kobelb kobelb mentioned this issue May 2, 2019
Closed
@kobelb kobelb mentioned this issue May 29, 2019
Open
@wylieconlon
Copy link
Contributor

The License Management section should be included here too, since users without management privileges already can't make license changes.

@kobelb kobelb changed the title Security - Hide management sections based on cluster privileges Hide management sections based on cluster privileges Jun 19, 2019
@asadmehmoodch
Copy link

Hiding management for a space certainly will help to put more control where security around ES clusteris based and controlled by nginx or apache servers or some other solutions such as outh2, SSO etc.
A much needed feature with all the existing excellent feature of 7.4 version.

@arisonl
Copy link
Contributor

arisonl commented Nov 28, 2019
edited
Loading

As a note, there are requests asking for the ability to remove/hide the management menu entirely rather than resolving the sub-items to be hidden based on privileges automatically. Thoughts?

@kobelb
Copy link
Contributor Author

kobelb commented Dec 2, 2019

@arisonl currently, you can control access to the following features using "Feature Controls":

Screen Shot 2019-12-02 at 8 22 53 AM

If we introduced "Management" as a sibling feature, it'd be awkward to have to select both "Management" and the other features to make them visible or grant the user access.

We could potentially move "Advanced Settings", "Index Pattern Management" and "Saved Object Management" to be children of "Management" once #35616 is implemented. However, this introduces some inconsistencies... When a user is given a role with all access to the "Management" feature, they wouldn't be granted access to all of the Management sections, as many of them are not integrated with the "Kibana Privileges" and relies on the user having various "Elasticsearch Privileges":

Screen Shot 2019-12-02 at 8 31 46 AM

It's for these reasons that we've decided to not introduce a "Management" feature and instead hide individual management sub-sections, and if all of them are hidden we'd hide the Management tab.

@legrego legrego mentioned this issue Jan 6, 2020
Merged
@arisonl arisonl mentioned this issue Feb 7, 2020
Open
@legrego legrego self-assigned this Jun 4, 2020
@kobelb kobelb mentioned this issue Jun 11, 2020
Closed
This was referenced Jul 13, 2020
Merged
Merged
@cqliu1 cqliu1 mentioned this issue Jul 21, 2020
Merged
6 tasks
@legrego legrego mentioned this issue Sep 2, 2020
Closed
@stacey-gammon stacey-gammon added the ReleaseStatus Item of high enough importance that it should be called out in release status meetings label Sep 17, 2020
@legrego legrego mentioned this issue Sep 21, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@legrego legrego

Labels
enhancement New value added to drive a business result Feature:Security/Feature Controls Platform Security - Spaces & Role Mgmt feature controls ReleaseStatus Item of high enough importance that it should be called out in release status meetings Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Hide management sections based on cluster/index privileges legrego/kibana
7 participants
@kobelb @wylieconlon @legrego @arisonl @elasticmachine @stacey-gammon @asadmehmoodch