Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove kibana_dashboard_only_user role #54755

Closed
2 of 4 tasks
kobelb opened this issue Jan 14, 2020 · 3 comments
Closed
2 of 4 tasks

Remove kibana_dashboard_only_user role #54755

kobelb opened this issue Jan 14, 2020 · 3 comments
Assignees
@azasypkin
Labels
enhancement New value added to drive a business result Feature:Security/Authorization Platform Security - Authorization Feature:Upgrade Assistant impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@kobelb
Copy link
Contributor

kobelb commented Jan 14, 2020
edited by jportner
Loading

Starting in 7.6, these are deprecated per #25879 on the Elasticsearch side. However, we still want to make some additional changes to the UI to make this even more clear in #45045. Starting in 8.0, we'll want to remove these roles entirely.

Update: We are keeping the kibana_user role since we don't have a great reason to drop this right away. We will still mark this as deprecated and advise users to take advantage of the kibana_admin user instead.

We will still drop the kibana_dashboard_only_user role in 8.0, however, since this feature is being removed entirely.

Tasks:

  • Remove the dashboard_mode plugin from x-pack and all references to dashboard_only in the code base. [Dashboard] Remove Legacy Dashboard Only Mode #108103
  • Remove kibana_dashboard_only_user role from Elasticsearch's set of reserved roles remove dashboard only reserved role elasticsearch#76507
  • Add upgrade assistant warning if a native user has the kibana_dashboard_only_user role, or if a role mapping contains this role.
  • Inspect advanced settings across all spaces to see if the "dashboard only mode role" has been customized, and warn via upgrade assistant if any of these roles are assigned to a native user, , or if a role mapping contains this role.
@kobelb kobelb added enhancement New value added to drive a business result Feature:Security/Authorization Platform Security - Authorization Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Jan 14, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego changed the title Remove kibana_user and kibana_dashboard_only_user roles Remove kibana_dashboard_only_user role Aug 3, 2021
@clintandrewhall clintandrewhall mentioned this issue Aug 3, 2021
Closed
@jportner
Copy link
Contributor

Related: #42853 (also deals with roles that need to be changed)

@jportner jportner mentioned this issue Aug 11, 2021
Closed
@ThomThomson ThomThomson mentioned this issue Aug 13, 2021
Merged
ThomThomson added a commit to elastic/elasticsearch that referenced this issue Aug 16, 2021
@ThomThomson
remove dashboard only reserved role (#76507)
5c53a66 
Removes the deprecated kibana_dashboard_only_user from the set of reserved roles in Elasticsearch as this legacy functionality is being removed from Kibana.

Relates: elastic/kibana#54755.
@ThomThomson ThomThomson mentioned this issue Aug 31, 2021
Closed
@jportner jportner mentioned this issue Sep 3, 2021
Closed
@azasypkin azasypkin mentioned this issue Sep 10, 2021
Merged
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Sep 10, 2021
@azasypkin
Copy link
Member

Handled in #110960 (with the exception of inspecting of the Advanced Settings #110960 (comment))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azasypkin azasypkin

Labels
enhancement New value added to drive a business result Feature:Security/Authorization Platform Security - Authorization Feature:Upgrade Assistant impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@kobelb @azasypkin @legrego @jportner @elasticmachine