Skip to content

[8.x] [Failure Store] Manage-style privileges grant both data and failures access (#125900) #126044

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 7, 2025
Merged

[8.x] [Failure Store] Manage-style privileges grant both data and failures access (#125900) #126044

merged 4 commits into from
Apr 7, 2025

Conversation

n1v0lg
Copy link
Contributor

@n1v0lg n1v0lg commented Apr 1, 2025

Backports the following commits to 8.x:

@n1v0lg
[Failure Store] Manage-style privileges grant both data and failures …
91c7677 
…access (elastic#125900)

It's more natural for `manage` and `manage_data_stream_lifecycle` to
grant access to management style APIs both for regular data streams and
their failure stores.

This PR adds support for privileges to grant access to both data and
failures selectors (without granting access to everything, à la `all`),
and extends `manage` and `manage_data_stream_lifecycle` to grant failure
store access, in addition to regular data stream access.
`manage_failure_store` still grants failures-only access.
@n1v0lg n1v0lg added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC >non-issue auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport Team:Security Meta label for security team labels Apr 1, 2025
@elasticsearchmachine elasticsearchmachine mentioned this pull request Apr 1, 2025
Merged
@n1v0lg
Copy link
Contributor Author

n1v0lg commented Apr 4, 2025
edited
Loading

This one has a compile issue because one of the Automaton methods is different in 8.19. On me to fix.

@slobodanadamovic
Copy link
Contributor

This one has a compile issue due because one of the Automatons method is different in 8.19. On me to fix.

I see now. I've retried it when I saw we are missing backport while trying to backport #126215.

@elasticsearchmachine elasticsearchmachine merged commit cb83936 into elastic:8.x Apr 7, 2025
20 checks passed
@n1v0lg n1v0lg deleted the backport/8.x/pr-125900 branch April 7, 2025 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.19.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@n1v0lg @slobodanadamovic @elasticsearchmachine