Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to Limit Access to Alerting Plugin #460

Closed
sevenval-admins opened this issue May 19, 2022 · 3 comments
Closed

How to Limit Access to Alerting Plugin #460

sevenval-admins opened this issue May 19, 2022 · 3 comments
Labels
enhancement New feature or request untriaged

Comments

@sevenval-admins
Copy link

sevenval-admins commented May 19, 2022

Is your feature request related to a problem? Please describe.
Hi guys, I have the following problem: I was testing the Alerting plugin and as stated in the documentation, basically every monitor and destination that is created is visible to every user, except if the following setting is applied:

PUT _cluster/settings
{
  "transient": {
    "plugins.alerting.filter_by_backend_roles": "true"
  }
}

With this option it is possible depending on the backend role to restrict the display of monitors and destinations.
My OpenSearch is connected to a LDAP-Server and in my company there are hundreds of AD-Groups which my OpenSearch resolves all as backend roles. All of us in the company share several AD-Groups and as specified in the documentation the separation of monitors and destinations only works if no backend role is shared.
Setting the resolve_nested_roles option to false excludes all roles that are nested but still leaves several that are not.
Even if I use the nested_role_filter parameter this only applies to nested roles and leaves out all those that are not.

Describe the solution you'd like
It would be a great improvement to have the possibility to separate the Monitoring and Destinations according to Tenant or to really be able to filter out all unnecessary roles.

Thanks in advance to anyone wo will take a look into it.

@sevenval-admins sevenval-admins added enhancement New feature or request untriaged labels May 19, 2022
@adnapibar
Copy link

@opensearch-project/security Can you please take a look into this?

@dblock dblock transferred this issue from opensearch-project/OpenSearch May 23, 2022
@sevenval-admins
Copy link
Author

A Feature Request was opened at Alerting-Plugin project: #459
I think we can close the issue here @adnapibar ?

@lezzago
Copy link
Member

lezzago commented Jun 3, 2022

I will close this issue in favor of #459 and #138, which is the original issue to track this problem.

@lezzago lezzago closed this as completed Jun 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request untriaged
Projects
None yet
Development

No branches or pull requests

3 participants