fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Table access control #17490

Open pintomi1989 opened 6 months ago

pintomi1989 commented 6 months ago

As a Fleet user, I would like to dictate which tables certain roles may access. Adding a config to the Observer+ role to restrict the tables that user can run queries against (On a per user basis) would accomplish this.

noahtalerman commented 6 months ago

Noah: Observer+ users can run arbitrary queries.

@pintomi1989 what are the tables that the customer would prevent Observer+ users from running?

noahtalerman commented 6 months ago

@pintomi1989 we discussed this during the last feature fest.

We decided not to work on drafts for this in the upcoming sprint (4.49)

Removing from feature fest.

pintomi1989 commented 4 months ago

@noahtalerman

Security dictates in this environment that only members of the security org should have access to security-related data, i.e., a desktop admin or help desk tech can't use Fleet tables which expose this data, e.g.,

- carves
- anything that would return browser history "personal" data

Could be a white or black list, i.e.,

Customer believes this would make the product more useful to users outside their security org
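One way the per-role table allowlist/denylist described in this thread could be enforced before a query is dispatched, as an added example in Go (Fleet's language) that is not Fleet's own code: `TablePolicy`, `ReferencedTables` and `Check` are hypothetical names, and `browser_history` is a placeholder table name, not a real osquery table.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// TablePolicy is a hypothetical per-role policy (not Fleet's real config):
// an allowlist or a denylist of lowercase osquery table names.
type TablePolicy struct {
	Allow map[string]bool // if non-empty, only these tables may be read
	Deny  map[string]bool // tables that may never be read
}

// tableRef matches the identifier after FROM or JOIN, optionally wrapped in
// the double quotes or backticks SQLite accepts, so quoting cannot bypass it.
var tableRef = regexp.MustCompile("(?i)\\b(?:from|join)\\s+[\"`]?([a-z_][a-z0-9_]*)")

// ReferencedTables returns the distinct, lowercased table names a query reads.
func ReferencedTables(sql string) []string {
	seen := map[string]bool{}
	var out []string
	for _, m := range tableRef.FindAllStringSubmatch(sql, -1) {
		t := strings.ToLower(m[1])
		if !seen[t] {
			seen[t] = true
			out = append(out, t)
		}
	}
	return out
}

// Check returns an error naming the first table the policy forbids, or nil
// when every referenced table is permitted for the role.
func (p TablePolicy) Check(sql string) error {
	for _, t := range ReferencedTables(sql) {
		if p.Deny[t] {
			return fmt.Errorf("table %q is denied for this role", t)
		}
		if len(p.Allow) > 0 && !p.Allow[t] {
			return fmt.Errorf("table %q is not in this role's allowlist", t)
		}
	}
	return nil
}

func main() {
	// Constructed help-desk policy: the denylist covers carves and the placeholder browser_history table.
	p := TablePolicy{Deny: map[string]bool{"carves": true, "browser_history": true}}
	fmt.Println(p.Check("SELECT * FROM users u JOIN carves c ON c.uid = u.uid"))
}
```

The regex is a sketch of the check, not a SQL parser; a production implementation would validate the parsed statement (for example via SQLite's authorizer hook) so that subqueries and unusual syntax cannot slip past the role policy.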