Admin Users must be able to access all monitors #139
Comments
skkosuri-amzn
changed the title
|
Should it just be "Admin" users that we support this for? Or should it be at the permission level, i.e. anyone with a superset of permissions that overlap a job should be able to view it? And what happens when someone w/ more permissions or a single unique role/permission updates the job and now other people can't view it? I think that can be solved w/ allowing the user to choose what roles/permissions should be stored on the job? |
|
"admin" users here refer to users with Along with this change we plan to implement #128, which will remove role/permission updates to the job. Also roles selection is also planned during the monitor creation, and plan to support only in API first. |
|
Will you do 138 and 128 at the same time? Otherwise if you do 128 first it might cause issues, i.e. someone creates a monitor w/ all the triggers and then realize they are missing a permission -> get the required permission and try to update the monitor -> and now they can't -> they have to recreate the entire monitor instead. |
|
Do you mean "OR" ...
IE - "admin" users here refer to users with Would you consider a new role (IE - |
|
I don't see any references to these on the roadmap for 1.2.0. |
Thanks for the callout. Will add to the roadmap by early next week. |
|
Would you be able to answer ... Do you mean "OR" ...
IE - "admin" users here refer to users with all_access role OR admin_dn users configured in OpenSearch.yml . Would you consider a new role (IE - alerting_admin_access) that has this access? |
@ryn9 yes, OR. Thanks for catching it. |
|
Would you consider a new role (IE - alerting_admin_access) that also has this access? .
Have all the additions to the roadmap been completed? |
|
Added #202 to the roadmap. |
opensearch-project#220) * Admin Users must be able to access all monitors opensearch-project#139 * Refactored
opensearch-project#220) * Admin Users must be able to access all monitors opensearch-project#139 * Refactored
* Update copyright notice (#222) Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> * Admin Users must be able to access all monitors #139 (#220) * Admin Users must be able to access all monitors #139 * Refactored Co-authored-by: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com> Co-authored-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com>
* Admin Users must be able to access all monitors #139 (#220) * Admin Users must be able to access all monitors #139 * Refactored * Update copyright notice (#222) Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> Co-authored-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com> Co-authored-by: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com>
* Cherry-pick commits to 1.x (#227) * Update copyright notice (#222) Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> * Admin Users must be able to access all monitors #139 (#220) * Admin Users must be able to access all monitors #139 * Refactored Co-authored-by: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com> Co-authored-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com> * Updates alerting version to 1.2 (#192) * Updates alerting version to 1.2 * Adds snapshot repo to the repository file Signed-off-by: Clay Downs <downsrob@amazon.com> * Update build to use public Maven repo (#184) Signed-off-by: Abbas Hussain <abbas_10690@yahoo.com> * Publish notification JARs checksums. (#196) * Publish notification JARs checksums. Signed-off-by: dblock <dblock@dblock.org> * Remove sonatype staging. Signed-off-by: dblock <dblock@dblock.org> * Updates testCompile mockito version to match OpenSearch changes (#204) Signed-off-by: Clay Downs <downsrob@amazon.com> * Update maven publication to include cksums. (#224) This change adds a task to publish to a local staging repo under build/ that includes cksums. It also updates build.sh to use this new task and copy the contents of the staging repo to the output directory. The maven publish plugin will not include these cksums when publishing to maven local but will when published to a separate folder. Signed-off-by: Marc Handalian <handalm@amazon.com> * Add release notes for 1.2.0.0 release (#225) * Create opensearch-alerting.release-notes-1.2.0.0.md Signed-off-by: Annie Lee <leeyun@amazon.com> * Update opensearch-alerting.release-notes-1.2.0.0.md * Update opensearch-alerting.release-notes-1.2.0.0.md * Add backwards compatibility tests (#199) * Initial commit for BWC tests Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> * Update bwc test to check Monitor stats and add bwc tests to GitHub Actions Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> * Use current version plugin bundle from build for bwc tests instead of manually uploading Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> * Update mockito-core dependency to 3.12.4 to prevent conflict Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> * Remove disabling security manager flag when running BWC tests Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> Co-authored-by: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com> Co-authored-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com> Co-authored-by: Clay Downs <89109232+downsrob@users.noreply.github.com> Co-authored-by: Abbas Hussain <abbashus@amazon.com> Co-authored-by: Daniel Doubrovkine (dB.) <dblock@dblock.org> Co-authored-by: Marc Handalian <handalm@amazon.com> Co-authored-by: Annie Lee <71157062+leeyun-amzn@users.noreply.github.com>
|
Closing this issue as the change has been merged. |
…rch-project#139 Signed-off-by: skkosuri-amzn <skkosuri@amazon.com>
…rch-project#139 (opensearch-project#280) Signed-off-by: skkosuri-amzn <skkosuri@amazon.com>
…rch-project#139 (opensearch-project#280) Signed-off-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com>
…rch-project#139 (opensearch-project#280) Signed-off-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com>
* Update copyright notice (opensearch-project#222) Signed-off-by: Mohammad Qureshi <qreshi@amazon.com> * Admin Users must be able to access all monitors opensearch-project#139 (opensearch-project#220) * Admin Users must be able to access all monitors opensearch-project#139 * Refactored Co-authored-by: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com> Co-authored-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com> Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
…rch-project#139 (opensearch-project#280) Signed-off-by: Sriram <59816283+skkosuri-amzn@users.noreply.github.com> Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
Is your feature request related to a problem? Please describe.
Admin Users must be able to access all monitors.
Describe the solution you'd like
Admin Users must be able to access all monitors. <TODO: add more details>
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
The text was updated successfully, but these errors were encountered: