Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Timeline][Search Strategy] - Authorization architecture around search strategy #106782

Closed
yctercero opened this issue Jul 26, 2021 · 4 comments
Closed

[Timeline][Search Strategy] - Authorization architecture around search strategy #106782

yctercero opened this issue Jul 26, 2021 · 4 comments
Labels
discuss Feature:Detection Alerts/Rules RBAC Security Solution RBAC for rules and alerts impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Alerts Security Detection Alerts Area Team Team:Detections and Resp Security Detection Response Team Team:Threat Hunting Security Solution Threat Hunting Team

Comments

@yctercero
Copy link
Contributor

An awesome feature of search strategy is that it allows a user to continue interacting with the applciation while long running queries are conducted in the background. Part of that feature includes giving the user the ability to cancel their long running queries as well.

We figured out while implementing RBAC for alerts within our search strategy that in order for RBAC to work, we needed 1) the full Kibana request passed down to us in the dependencies and 2) the ability to query using internal Kibana user since with RBAC users are not assigned ES privileges. Both of these requirements were met and so RBAC is being added to the timeline search strategy.

However, @lukasolson brought to our attention that the authorization should also occur on cancel.
#105333 (comment)

This ticket is meant to discuss and hopefully make a decision on the following:

  • Who should be allowed to cancel requests?
    • Current search strategies use asCurrentUser so authorization is baked into the calls via ES privileges
  • If we do want to restrict who can cancel, what information is needed to conduct the auth?
    • We'd need at least the full KIbana request and perhaps the rule type ids?
@yctercero yctercero added discuss Team:AppServices Team:Detections and Resp Security Detection Response Team Team:Threat Hunting Security Solution Threat Hunting Team labels Jul 26, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-app-services (Team:AppServices)

@yctercero yctercero mentioned this issue Jul 26, 2021
Merged
9 tasks
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. and removed impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. labels Jul 29, 2021
@peluja1012 peluja1012 added Team:Detection Alerts Security Detection Alerts Area Team Feature:Detection Alerts/Rules RBAC Security Solution RBAC for rules and alerts labels Sep 15, 2021
@exalate-issue-sync exalate-issue-sync bot added loe:medium Medium Level of Effort and removed loe:small Small Level of Effort labels Sep 28, 2021
@exalate-issue-sync exalate-issue-sync bot added loe:small Small Level of Effort and removed loe:medium Medium Level of Effort labels Dec 14, 2021
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. and removed loe:small Small Level of Effort impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. labels May 23, 2022
@vadimkibana
Copy link
Contributor

Thank you for contributing to this topic, however, we are closing this issue due to inactivity as part of a backlog grooming effort. If you believe this discussion thread still should be considered, please reopen with a comment, potentially in the Discussions section.

@vadimkibana vadimkibana closed this as not planned Won't fix, can't repro, duplicate, stale Aug 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discuss Feature:Detection Alerts/Rules RBAC Security Solution RBAC for rules and alerts impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Alerts Security Detection Alerts Area Team Team:Detections and Resp Security Detection Response Team Team:Threat Hunting Security Solution Threat Hunting Team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@peluja1012 @yctercero @elasticmachine @vadimkibana