-
Notifications
You must be signed in to change notification settings - Fork 915
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature-proposal] Dashboards security out of box #1215
Comments
Just curious whether the "out of box" way is to make it a native feature under |
Good question, it means native feature and build-in functionality Refer to below wiki as reference about OOTB |
Is there a corresponding issue for OpenSearch associated with this issue? |
|
we could take a look that RFC, but we should think from end user point view, before jump into backend implementation detail to avoid bias. In the case backend's RFC/Design doesn't support what end user need. We should raise the issue to their repo and ask for change. besides opensearch-project/OpenSearch#1029, another opensearch related item is |
It seems to me typical RBAC may not suffice, in addition to access control against operations, we may also need to support resource level access control. In the case of a typical RBAC, we have control against user permissions to perform certain operations, such as:
This will be a discrepancy with OpenSearch, as OpenSearch provides access control at resource level. In the case when 2 department/org use the same OSD service, and requires some data isolation, they will have resource level access control on the OpenSearch side, but if OSD doens't have it, OSD users will see index-patterns (includes field names and types) of indices they have no access |
Are we differentiating between Dashboards users and Engine (backend) users? How do we disambiguate between a user logging into Dashboards, vs a user logging into a Cluster? Will we pass credentials through? |
What does user configure at this step? Does user select a DB to store meta information and connect the DB to Dashboards? |
We should be more explicit about differentiating between Dashboard entities (visualizations, dashboards, index patterns) and backend entities (cluster, index, document, field) |
Similar to @zengyan-amazon's comment, is there a plan to differentiate between access control to data, vs access control to dashboards objects. For example, what happens if a visualization has been shared with me, but I don't have access to the underlying indices or index patterns? Will the user see an error? Will they have a way to authenticate to the backing cluster? |
One of the options is to combine this with role-based access control. Having static roles for features, mapping the static roles to users would grant users the permissions to the features. |
Are there any plans in this proposal for 3rd party plugins to register their features to support the security model? e.g. a plugin should be able to register either routes or api's that need specific auth roles to be accessible. And to take that a step further, provide options for an admin to specify which features need which auth role to access. |
Tracking use cases and additional discussions related to this topic in this thread: opensearch-project/ux#54. If you have use cases to consider, comments, or thoughts feel free to add to the discussion thread. |
Feature request
Is your feature request related to a problem? Please describe.
Today, dashboards doesn't have security(Authentication, Authorization, Role based access control (feature based, not index/doc based control)
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
I'd like to install and get dashboards security out of box. below is initial thoughts about expected experience
1 Setup Use Case
2 Authentication
3 Authorization - RBAC(Role based access control)
Role based access control is an approach to restricting system access to authorized users. In this system, user will be added multiple roles, privileges to features and resources will be granted to roles.
3.1 Role:
TODO: we need to build default/system role
e.g. do we support anonymous role
3.2 Feature List
Initial proposal two level feature list as example.
The first level is group of related feature/plugins, the second level the actual feature.
3.3 Access: Navigate, View, Update, Delete, System Admin
3.3.1 Feature based access control
We want to propose role based feature access control, which admin could control what feature and which access level user could see and use.
Below are proposed typical privilege or access Dashboards will care
3.3.2 Resource based access control (managed backend data)
3.3.2.1 RBAC for OpenSearch
3.3.2.2 RBAC for multiple OpenSearch
3.3.2.3 RBAC for non-OpenSearch database
3.3.2.4 RBAC for third party service/data source integration
e.g. Graphite - Timeline
3.3.3 Allow/Deny
there are two ways to manage access. Allow or Deny. Most of scenario we allow user/role to feature/resource. To be flexible, there are also case user has access to all resources, but only be prevent to specific feature/resource, that is deny rules.
4 Authorization - Service to Service
4.1 OAuth
OAuth (Open Authorization[1][2]) is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
4.2 Pass credential from service to service
5 Examples
Mike is admin for both dashboards
Mary is VP of Operation who review and read dashboards created by DevOps team
John is one DevOps Lead who create dashboards and metrics to measure their sytem
Describe alternatives you've considered
The text was updated successfully, but these errors were encountered: