-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[REQUEST]: Document the privileges needed for Fleet and Integrations #724
Comments
Hello, is there any update on this? We need to know what are the privileges needed by a user to be able to access Fleet Server since we do not want to make everyone a superuser, I couldn't find any documenation on this. |
@leandrojmp I'm very sorry but I won't be able to look at this issue to update the documentation until mid-January. Until then, perhaps @criamico can provide some guidance. |
Hello @kilfoyle is there any update on this? |
Thanks for the reminder @leandrojmp and apologies for the delay. I've opened up this PR. @criamico The above PR updates the regular Fleet & Agent docs. For the Fleet API docs, since those are generated directly out of the Fleet API spec, we'll need to wait for your elastic/kibana#172155 issue to close, and then I or anyone can regenerate the docs using these instructions. |
Thanks @kilfoyle for picking up this ticket! I'll see if elastic/kibana#172155 can get prioritized in one of the upcoming sprints. |
Just for reference, here's the new docs page: Required roles and privileges |
I think this can be closed, since the public docs are updated and there's a separate PR (elastic/kibana#172155) for the API docs. |
Description
Recently we've received several requests (in SDHs and other places) to document how to setup roles and privileges for running Fleet and integrations. The privileges system in Fleet changed with 8.0.0 but I'm not sure if it was ever created a specific docs page to explain it.
So I think we should document:
Resources
Current docs
Currently I could only find a line on the docs
I think we should expand it to a separate page as it doesn't seem very clear to user what this means.
Some explanation about the privilege system for Fleet is in the original PR (it was introduced in 8.1): elastic/kibana#108252 (comment). Feel free to contact me for further explanations.
How to create a role for fleet:
Also, the
viewer
andeditor
built-in roles grant similar privileges:Editor
role behaves like Fleet > All, Integrations > AllViewer
role behaves like Fleet -> None, Integrations -> ReadCollaboration
The documentation team will investigate the issue and create the initial content.
Point of contact.
Main contact: @
Stakeholders:
The text was updated successfully, but these errors were encountered: