Skip to content

"Actions & Connectors" users are surprised by the fact that users with read-only permissions can test connectors and execute actions #105512

New issue
New issue
Open
Open
"Actions & Connectors" users are surprised by the fact that users with read-only permissions can test connectors and execute actions#105512

Description

@nickpeihl

nickpeihl
openedon Jul 13, 2021

Kibana version:
7.14.0-BC

Original install method (e.g. download page, yum, from source, etc.):

Cloud

Describe the bug:

A user with only "Read" permissions on "Actions and Connectors" and "Stack Rules" can test connectors. I'm not sure if this is intentional or not. But it seems to be that limited access users should maybe not be able to test connectors. I imagine a scenario where a read-only user is able to send a test through an existing PagerDuty connector either naively (or belligerently) to wake up the on-call person at 3AM. 😅

Steps to reproduce:

  1. Create a connector using a third-party integration such as PagerDuty or Email
  2. Create a user with only "Read" permissions on "Actions and Connectors" and "Stack Rules"
  3. Log in as the user created in step 2 and create a test on the connector created in step 1
  4. Note that the read-only user is able to send the test successfully

Expected behavior:

It seems to me that only users with permission to create and modify connectors should be able to test the connectors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    Feature:Actions/ConnectorsManagementIssues related to Connectors Management UXTeam:ResponseOpsLabel for the ResponseOps team (formerly the Cases and Alerting teams)UXdocsestimate:smallSmall Estimated Level of Effort

    Type

    No type

    Projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions