github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/dev_docs
History
Exact
Elena Shostak ed058086e2
[Authz] Added allOf and anyOf nested conditions (#215516) 
## Summary

Currently, our `requiredPrivileges` structure supports `allRequired` and
`anyRequired` for defining authorization logic. However, there is [a
need to
support](https://github.com/elastic/kibana/pull/205335#issuecomment-2569275302)
more complex scenarios as `(privilege1 AND privilege2) OR (privilege3
AND privilege4)`

To achieve `anyRequired` has been extended to allow defining multiple
AND conditions evaluated with OR logic:
```ts
security: {
  authz: {
    requiredPrivileges: [{
       anyRequired: [
          { allOf: ['privilege1', 'privilege2'] }, 
          { allOf: ['privilege3', 'privilege4'] }
        ] 
      }
    ]
  }
}
```

`allRequired` now also supports scenarios `(privilege1 OR privilege2)
AND (privilege3 OR privilege4)`
```ts
security: {
  authz: {
    requiredPrivileges: [{
       allRequired: [
          { anyOf: ['privilege1', 'privilege2'] }, 
          { anyOf: ['privilege3', 'privilege4'] }
        ] 
      }
    ]
  }
}
```

> [!IMPORTANT]
> We expect to have unique privileges in `anyOf` or `allOf` conditions,
assuming that most complex conditions can be simplified by boolean
algebra laws (OR/AND distributive etc).


### Checklist

- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

__Closes: https://github.com/elastic/kibana/issues/210977__

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-03 14:28:17 +02:00
..
assets Developer documentation for designing feature privileges (#166716) 2023-09-27 13:43:55 +02:00
contributing SKA: Extract list of Kibana solutions into a dedicated package (#213353) 2025-03-20 10:20:07 +01:00
getting_started SKA: Update broken references and URLs (#206836) 2025-01-28 03:32:48 +00:00
key_concepts [Authz] Added allOf and anyOf nested conditions (#215516) 2025-04-03 14:28:17 +02:00
lens [Lens] fit line charts by default (#196184) 2024-10-21 15:05:02 +02:00
operations [EuiProvider / Functional tests] Check for EuiProvider Dev Warning (#189018) 2024-08-26 15:08:32 -05:00
shared_ux [Screenshotting] Organize dev docs for screenshotting/chromium (#198100) 2024-10-30 11:55:12 -05:00
tutorials [FIPS][Cloud][Build] Add FIPS cloud image. Convert base image to Wolfi. (#213163) 2025-03-27 08:01:08 -07:00
api_welcome.mdx SKA: Update broken references and URLs (#206836) 2025-01-28 03:32:48 +00:00
kibana_server_core_components.mdx Clean up dev docs (#124271) 2022-02-03 10:09:10 -05:00
nav-kibana-dev.docnav.json Revert "[ResponseOps] Document creating task-manager serverless monitoring assets - adding to kibana dev docs navigation" (#211030) 2025-02-13 18:09:06 +01:00