elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Support Agents +Integration+custom pipelines in own Space without admin permissions #132559

Open zez3 opened 2 years ago

zez3 commented 2 years ago

Describe the feature: Make Agents+Integrations (including custom pipelines) space aware

Describe a specific use case for the feature: We've got some power users/sysadmins/DevOps (tenant-like) that need to install their own Agents+APM and be able to customize the Policy Integrations that they deploy in their own Space without Elastic Admin permissions. They also need some custom pipelines. Since sharable saved objects are already a thing, like @jen-huang mentioned here and @joshdover in https://github.com/elastic/kibana/issues/128202#issuecomment-1084600441, the need to allow users to share the same SO across multiple spaces would make sense here, but I am not sure that it will cover all cases (like custom pipelines).

To clarify, other "tenants" in different spaces should not be able to interact with the Agents already deployed but assigned to other spaces or the other way around. Elastic Admins should.

At the moment I limit in roles the index access based on the namespace *my_namespace_tenant* and read-only for metrics-*my_namespace_tenant*. That works great for indices, but for pipelines I need to give the below permissions, which are a bit too much as they could break some pipelines that do not belong to them:

- manage_enrich
- manage_pipeline
- read_pipeline
- manage_ingest_pipelines
- manage_logstash_pipelines
- manage
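The scoping gap described in the comment above, as an added example that is not part of the original issue or of Kibana's code: a small audit of an Elasticsearch role definition that separates what a namespace pattern can restrict (indices) from what it cannot (cluster-level pipeline privileges). The sample role is constructed, `audit_role` is a hypothetical helper, and the privilege names are the ones listed in the comment.

```python
import json

# Cluster privileges listed in the issue. Elasticsearch applies cluster
# privileges cluster-wide, so none of these can be limited to one tenant.
UNSCOPED_CLUSTER_PRIVS = {
    "manage_enrich", "manage_pipeline", "read_pipeline",
    "manage_ingest_pipelines", "manage_logstash_pipelines", "manage",
}
READ_ONLY = {"read", "view_index_metadata"}

# Constructed sample role in the Elasticsearch role-definition JSON shape.
SAMPLE_ROLE = json.loads("""
{
  "cluster": ["manage_ingest_pipelines", "manage_enrich", "monitor"],
  "indices": [
    {"names": ["*my_namespace_tenant*"], "privileges": ["read", "write"]},
    {"names": ["metrics-*my_namespace_tenant*"], "privileges": ["read", "write"]},
    {"names": ["logs-*"], "privileges": ["read"]}
  ]
}
""")

def audit_role(role, namespace):
    """Return (severity, message) findings for a tenant role definition."""
    findings = []
    # Pipeline/enrich privileges reach every tenant's pipelines.
    for priv in sorted(set(role.get("cluster", [])) & UNSCOPED_CLUSTER_PRIVS):
        findings.append(("high", f"cluster privilege '{priv}' is not limited to {namespace}"))
    for entry in role.get("indices", []):
        privs = set(entry.get("privileges", []))
        for pattern in entry.get("names", []):
            if namespace not in pattern:
                # Pattern would match other tenants' indices as well.
                findings.append(("high", f"index pattern '{pattern}' is not scoped to {namespace}"))
            elif pattern.startswith("metrics-") and not privs <= READ_ONLY:
                # The comment describes metrics access as read-only.
                extra = ", ".join(sorted(privs - READ_ONLY))
                findings.append(("medium", f"'{pattern}' grants more than read-only: {extra}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_role(SAMPLE_ROLE, "my_namespace_tenant"):
        print(f"[{severity}] {message}")
```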

elasticmachine commented 2 years ago

Pinging @elastic/fleet (Team:Fleet)

zez3 commented 2 years ago

Any updates, @joshdover?

zez3 commented 2 years ago

@jamiehynds ?

zez3 commented 12 months ago

@nimarezainia

nimarezainia commented 11 months ago

@zez3 we are looking at making Fleet space aware to the extent possible, but there will be limitations and we are working through those details at this point.