Allow defining privileges limited to a subset of a resource #34384
Description
When considering cluster actions, Security uses a binary decision based on the action name and the user's privileges. In order to meet the needs of our users, security should also take the actual resource into account like we do in the case of index level actions.
The team recently discussed this and we feel that it is possible to accomplish this using the existing infrastructure for security by inspecting requests and what they will be affecting. In terms of defining these privileges, the format developed as part of #32116; that is they would be defined under the policy field of a role.
This issue will be used to track the overall progress of adding these new privilege restrictions.
- Ingest Pipeline Access Controls
- Index template access controls
- Search template access controls
- Snapshot/Restore access controls
- Cluster settings access controls
- Index settings
- Stored scripts
- Persistent tasks
- ML Jobs
- Watches