elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Remove unnecessary properties from public User interface #199504

Open legrego opened 2 hours ago

legrego commented 2 hours ago

The Security plugin exposes information about the current user, for consumption by other plugins. We should evaluate the fields we are currently exposing, and deprecate/remove fields that are not strictly necessary.

For example, we currently expose the list of roles that belong to the current user. This information is needed by our own administrative screens (User profile, user management, etc.), but it should not be needed by other plugins, as they should be performing authorization checks based on privileges, not roles.

Removing fields from the public interface means that we may need to create internal endpoints to retrieve these private fields (such as roles), in order to maintain functionality within our own features (such as user management).
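The distinction drawn in the comment above, between checking roles and checking privileges, shown as an added example that is not part of the original issue and is not Kibana code. Every type, function, role name and privilege string here is hypothetical and constructed for illustration.

```typescript
// Added illustration; all names are hypothetical, not Kibana's actual API.

// What the security plugin knows internally about the current user.
interface InternalUser {
  username: string;
  roles: string[];
}

// Narrowed shape handed to other plugins: the role list is not exposed.
type PublicUser = Omit<InternalUser, 'roles'>;

// Constructed role definitions: role name -> privileges it grants.
const ROLE_PRIVILEGES: Record<string, string[]> = {
  superuser: ['reports:read', 'reports:write'],
  'acme-report-editor': ['reports:read', 'reports:write'], // custom role
  viewer: ['reports:read'],
};

// Anti-pattern: a consuming plugin hard-codes a role name. A custom role
// that grants the same privilege is wrongly denied.
function canWriteReportsByRole(user: InternalUser): boolean {
  return user.roles.includes('superuser');
}

// Role-to-privilege resolution stays inside the security plugin.
function effectivePrivileges(user: InternalUser): Set<string> {
  const granted = new Set<string>();
  for (const role of user.roles) {
    // Unknown roles grant nothing (fail closed).
    for (const privilege of ROLE_PRIVILEGES[role] ?? []) granted.add(privilege);
  }
  return granted;
}

// What consumers call instead of reading the role list.
function hasPrivilege(user: InternalUser, privilege: string): boolean {
  return effectivePrivileges(user).has(privilege);
}

// Strip private fields before the user object crosses the plugin boundary.
function toPublicUser(user: InternalUser): PublicUser {
  return { username: user.username };
}

// Constructed sample user holding only a custom role.
const sampleEditor: InternalUser = { username: 'dana', roles: ['acme-report-editor'] };
```

The role-name check denies `sampleEditor` even though the custom role grants `reports:write`, while the privilege check allows it, which is why consumers do not need the role list at all.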

elasticmachine commented 2 hours ago

Pinging @elastic/kibana-security (Team:Security)