arisonl
commented
3 years ago Thoughts: Alerting API keys are created when a rule is created or disabled/enabled. A rule which was created by a user that used to have FLS/DLS would be impacted, if FLS/DLS was taken away from them, and they proceed to update or disable/enable the rule. However, since alerting API keys are generated automatically by the framework with the role's privileges and roles are not impacted by the change, rules should not be impacted either(?). Is this thinking correct? Is there impact and if so, what is it?
mikecote
Elasticsearch Security is tightening up the behaviour DLS/FLS with API keys. Changes include adding a license check when creating API keys with DLS/FLS: https://github.com/elastic/elasticsearch/pull/77400
We should research how alerting is impacted.