* Create manage_seaech_connector privilege
* `manage_search_connector` -> `manage_connector` and exclude connector secrets patterns from this privilege
* Add `monitor_connector` privilege
* Update Kibana system privilege to monitor_connector for telemetry
* Rename privilege to 'manage_connector_state'
Since privilege names are often namespaced and used with globs, we want to ensure that if there's a future privilege like `manage_connector_secrets`, that it is not implicitly included in this new privileg's <name>*. By extending the privilege name to include "_state", we better namespace this distinct from any "_secrets" namespace.
* Revert "Rename privilege to 'manage_connector_state'"
This reverts commit 70b89eee76.
After further discussion with the security team, this name change is not needed after all
since the secret management privileges aren't currently prefixed with "manage_"
---------
Co-authored-by: Sean Story <sean.j.story@gmail.com>
This commit introduces the documentation for remote_clusters which is used to help
express the monitor_enrich privilege needed to use the ENRICH keyword across clusters
when using the API key based CCS security model.
This commit also adds "remote_clusters" to the built in privs API to for easier consumption
in Kibana.
In this PR we introduce the API that will expose the global retention configuration and will allow users to take advantage of it.
These APIs are protected by the dedicated introduced privileges:
`manage_data_stream_global_retention` or higher, which allows all operations on the global retention configuration
`monitor_data_stream_retention` or higher, which allows the retrieval of the global retention configuration.
This PR is the final PR that makes the global retention available for our users.
Defines new inference_user and inference_admin roles with the
related cluster privileges manage_inference and monitor_inference.
inference_user can list the models and preform inference,
inference_admin can do the same plus create and delete models
- Introduce new internal system index called .connector-secrets
- Add GET and POST requests for connector secrets
- Add permission sets for read and write connector secrets
- Introduce new internal system index called .connector-secrets
- Add GET and POST requests for connector secrets
- Create read_connector_secrets and write_connector_secrets role permissions
This change introduces a new privilege monitor_enrich. Users are
required to have this privilege in order to use the enrich functionality
in ESQL. Additionally, it eliminates the need to use the enrich_origin
when executing enrich lookups. The enrich_origin will only be used when
resolving enrich policies to prevent warnings when accessing system
indices directly.
Closes#98482
**Problem:**
For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`.
**Solution:**
- Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory
- Update doc snippet tests to use security
Rel: https://github.com/elastic/platform-docs-team/issues/208
2023-09-12 14:53:41 -04:00
Renamed from x-pack/docs/en/rest-api/security/get-builtin-privileges.asciidoc (Browse further)
