You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is the bug?
Coming from #1481, there is a possiblity that users have used the Dashboards dropdown to create permissions object were a cluster permission was included in the list of index permissions. These permissions might be creating confusion since they are not authorizing actions as expected.
How can one reproduce the bug?
Steps to reproduce the behavior:
Edit permission on a role
Select the index permissions
Select the permission indices:data/write/reindex and apply it
Attempt to run a reindex with an account that uses that role
What is the expected behavior?
Reindex should fail because permission really weren't granted, it should be clear how the permissions should be modified to grant that permission
The text was updated successfully, but these errors were encountered:
@setiah Could you weigh in if you think this requires are migration to detect these invalid configurations and the appropriate action to take on them (Delete the invalid permission, create the correct permission on the role)?
[Triage] I don't think its clear that this would be high value for security plugin users - this area will be approached when permissions declarations are revisited
What is the bug?
Coming from #1481, there is a possiblity that users have used the Dashboards dropdown to create permissions object were a cluster permission was included in the list of index permissions. These permissions might be creating confusion since they are not authorizing actions as expected.
How can one reproduce the bug?
Steps to reproduce the behavior:
indices:data/write/reindex
and apply itWhat is the expected behavior?
Reindex should fail because permission really weren't granted, it should be clear how the permissions should be modified to grant that permission
The text was updated successfully, but these errors were encountered: