separate permissions from all_access #50

Closed
adityaj1107 opened this issue Jun 3, 2021 · 2 comments
Labels
enhancement New request

Comments

@adityaj1107
Contributor

Issue by mbchris
Tuesday Nov 24, 2020 at 09:46 GMT
Originally opened as opendistro-for-elasticsearch/index-management#351


Is your feature request related to a problem? Please describe.
As documented, using index management features is only supported when the caller is a member of the all_access role:

To use the ISM plugin, your user role needs to be mapped to the all_access role that gives you full access to the cluster. To learn more, see Users and roles.

This means that it is not possible to delegate index management API calls to partner systems without giving them full cluster management access.

Describe the solution you'd like

The API calls for creating/updating/deleting an ISM policy should be a separate permission which is assignable to a custom role.

e.g.

cluster:admin/opendistro/ism/get
cluster:admin/opendistro/ism/write
cluster:admin/opendistro/ism/delete
cluster:admin/opendistro/ism/retry

Describe alternatives you've considered

Additional context

@adityaj1107 adityaj1107 added the enhancement New request label Jun 3, 2021
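
Added example (not part of the issue thread and not the project's code): a small audit that compares `all_access` with a custom role holding only the four permission names proposed above. The role name `ism_partner`, the role layout and the wildcard matching via `fnmatchcase` are assumptions made for illustration; the permission names the plugin actually ships may differ.

```python
from fnmatch import fnmatchcase

# Permission names as proposed in the issue (illustrative only).
ISM_PERMISSIONS = [
    "cluster:admin/opendistro/ism/get",
    "cluster:admin/opendistro/ism/write",
    "cluster:admin/opendistro/ism/delete",
    "cluster:admin/opendistro/ism/retry",
]

# Constructed role definitions, shaped like entries in a roles file.
ROLES = {
    "all_access": {"cluster_permissions": ["*"]},
    # Hypothetical custom role for a partner system.
    "ism_partner": {"cluster_permissions": list(ISM_PERMISSIONS)},
}

# Constructed probe set: cluster actions a partner that only manages
# ISM policies does not need.
UNRELATED_ACTIONS = [
    "cluster:admin/settings/update",
    "cluster:admin/snapshot/delete",
    "cluster:admin/reroute",
]


def is_allowed(role, action):
    """True if any permission pattern of the role matches the action."""
    patterns = ROLES[role]["cluster_permissions"]
    return any(fnmatchcase(action, p) for p in patterns)


def audit(role):
    """Report ISM actions the role lacks and unrelated actions it grants."""
    missing = [a for a in ISM_PERMISSIONS if not is_allowed(role, a)]
    excess = sorted(a for a in UNRELATED_ACTIONS if is_allowed(role, a))
    return {"role": role, "missing": missing, "excess": excess}


if __name__ == "__main__":
    for name in ROLES:
        print(audit(name))
```
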
@adityaj1107
Contributor Author

Comment by dbbaughe
Friday Dec 18, 2020 at 17:53 GMT


This is in progress as we migrate ISM to the security model implemented by alerting/AD.

@bowenlan-amzn
Member

We have released ISM integrated with this security model in OpenSearch 1.1

thalurur pushed a commit to thalurur/open-index-management that referenced this issue Oct 22, 2021
…pensearch-project#50)

* Added PolicySettings and DeleteModal components for View Policy UI
* Added PolicySettings test snapshot and fixed placeholder edit button
* Fixing DeleteModal renders component test
* Fixed interface duplication, cleaned up PolicySettings, fixed PolicySettings test
* Simplified ISMTemplate handling, removed unnecessary conversion function
* Added ISM Template count to panel title
* Fixing timezone dependency on PolicySettings test

Signed-off-by: Eric Lobdell <lobdelle@amazon.com>