elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.69k stars 8.24k forks source link

Create/modify a role to have permissions for CSP indices #145519

Open ari-aviran opened 2 years ago

ari-aviran commented 2 years ago

Today most roles in Kibana do not allow access to cloud security posture indices in ES, resulting in potential permission errors when users try to access the cloud security posture pages. We need to either create a role that has access to our ES indices + our Kibana UI (currently under the Security - read Kibana permission) or modify an existing role (if for example there is a role usually used for security users) and add permissions to our ES indices in it.

After this is implemented, we'll need to update our documentation to guide users to add the role we created/modified here for users that need access to cloud posture data. cc: @tinnytintin10

elasticmachine commented 2 years ago

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security Posture)

tinnytintin10 commented 2 years ago

@ari-aviran thank you for creating this issue!

Let's create a new role specifically for our use case (maybe call it cloud_security_posture_management_user?)

I initially thought about rolling the permissions we need into some pre-existing security role, but our capability is likely to be used by users who might not interact with other parts of the security solution, like SRE/DevOps/DevSecOps personas coming to view the findings for the systems InfoSec is asking them to remediate. Enabling InfoSec teams to permit them access only to the posture views via our role would be nice.

When the time comes, and we start generating alerts and supporting cases, then we can think about adding some of the extra permissions we need to an existing security role.

wdyt?

cc @tehilashn

tinnytintin10 commented 2 years ago

Once we've made a decision, I will create a ticket to include the updated information in our docs.