elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Non-interactive sessions leveraging the `http` auth provider should have their profiles activated #158277

Open legrego opened 1 year ago

legrego commented 1 year ago

We currently do not activate user profiles for accounts leveraging the http auth provider (e.g. passing an Authorization header to Kibana via reverse proxy).

We should allow these accounts to have their profiles activated, so they can take advantage of profile-related features. We will need to be careful about this implementation, as we do not want to blindly activate user profiles on any API call to Kibana. We will need to be thoughtful about when & where we decide to perform this activation step.

Required by: https://github.com/elastic/kibana/issues/167459

elasticmachine commented 1 year ago

Pinging @elastic/kibana-security (Team:Security)

nickpeihl commented 1 week ago

I believe we have another use case that will need profiles on the http auth provider level. Since Saved Objects APIs are now deprecated, the @elastic/kibana-presentation team is working on a domain-level CRUD API for Dashboards. https://github.com/elastic/kibana/pull/179344 added the `created_by` property to saved objects such as Dashboards. However, this field cannot be populated when submitting a create operation using the API, so we cannot identify a Dashboard owner if/when we have object-level permissions.

cc @teresaalvarezsoler @thomasneirynck