Open ari-aviran opened 2 years ago
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security Posture)
@ari-aviran thank you for creating this issue!
Let's create a new role specifically for our use case (maybe call it cloud_security_posture_management_user
?)
I initially thought about rolling the permissions we need into some pre-existing security role, but our capability is likely to be used by users who might not interact with other parts of the security solution, like SRE/DevOps/DevSecOps personas coming to view the findings for the systems InfoSec is asking them to remediate. Enabling InfoSec teams to permit them access only to the posture views via our role would be nice.
When the time comes, and we start generating alerts and supporting cases, then we can think about adding some of the extra permissions we need to an existing security role.
wdyt?
cc @tehilashn
Once we've made a decision, I will create a ticket to include the updated information in our docs.
Today most roles in Kibana do not allow access to cloud security posture indices in ES, resulting in potential permission errors when users try to access the cloud security posture pages. We need to either create a role that has access to our ES indices + our Kibana UI (currently under the
Security - read
Kibana permission) or modify an existing role (if for example there is a role usually used for security users) and add permissions to our ES indices in it.After this is implemented, we'll need to update our documentation to guide users to add the role we created/modified here for users that need access to cloud posture data. cc: @tinnytintin10