Open
Description
openedon Jul 13, 2021
Kibana version:
7.14.0-BC
Original install method (e.g. download page, yum, from source, etc.):
Cloud
Describe the bug:
A user with only "Read" permissions on "Actions and Connectors" and "Stack Rules" can test connectors. I'm not sure if this is intentional or not. But it seems to be that limited access users should maybe not be able to test connectors. I imagine a scenario where a read-only user is able to send a test through an existing PagerDuty connector either naively (or belligerently) to wake up the on-call person at 3AM. 😅
Steps to reproduce:
- Create a connector using a third-party integration such as PagerDuty or Email
- Create a user with only "Read" permissions on "Actions and Connectors" and "Stack Rules"
- Log in as the user created in step 2 and create a test on the connector created in step 1
- Note that the read-only user is able to send the test successfully
Expected behavior:
It seems to me that only users with permission to create and modify connectors should be able to test the connectors.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment