Open legrego opened 1 year ago
Pinging @elastic/kibana-security (Team:Security)
I believe we have another use case that will need profiles on the http
auth provider level. Since Saved Objects APIs are now deprecated, the @elastic/kibana-presentation team is working on a domain level CRUD API for Dashboards. https://github.com/elastic/kibana/pull/179344 added the created_by
property to saved objects such as Dashboards. However, this field can not be populated when submitting a create operation using the API, so we can not identify a Dashboard owner if/when we have object level permissions.
cc @teresaalvarezsoler @thomasneirynck
We currently do not activate user profiles for accounts leveraging the
http
auth provider (e.g. passing anAuthorization
header to Kibana via reverse proxy).We should allow these accounts to have their profiles activated, so they can take advantage of profile-related features. We will need to be careful about this implementation, as we do not want to blindly activate user profiles on any API call to Kibana. We will need to be thoughtful about when & where we decide to perform this activation step.
Required by: https://github.com/elastic/kibana/issues/167459