[FEATURE] Improve admin permissions #2838

Closed
willyborankin opened this issue Jun 5, 2023 · 2 comments
Labels
  • enhancement: New feature or request
  • help wanted: Community contributions are especially encouraged for these issues.
  • triaged: Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@willyborankin
Collaborator

willyborankin commented Jun 5, 2023

What solution would you like?
The current plugin configuration assumes 3 types of admin users:

  • super admin - requires a separate keystore and SSL certificate
  • REST admin - which can be set by setting a predefined role
  • Cluster admin - which has access to all cluster and index operations

Such a configuration is not intuitive and creates difficulties during configuration of the cluster.
To simplify the configuration of the plugin it would be better to introduce a list of permissions for the admin users and phase out special users (like super admin).

Permissions are:
- `restapi:admin/<endpoint>/<action>` - has access to the REST API interface to change users, roles, role mappings, clear caches, etc.

In such a case, an end user can define separate admin/REST admin and super admin users.
The existing super admin functionality with certificates could be deprecated and removed in future releases.
Such a configuration gives uniformity and flexibility to configure cluster access.

@willyborankin added the enhancement and untriaged labels Jun 5, 2023
@stephen-crawford
Contributor

stephen-crawford commented Jun 5, 2023

[Triage] Hi @willyborankin, thank you for filing this issue. The current permission configuration process is complicated so efforts to improve the system are certainly appreciated. Any PRs to this issue would be happily reviewed.

Moving forward: Plan is to make admin able to configure everything but the Security Index.

@stephen-crawford added the triaged and help wanted labels and removed the untriaged label Jun 5, 2023
@davidlago

#2411 blurs that line, making most of those permissionable, so it is up to the user/cluster admins to decide how to set up.
