github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-28 03:01:21 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/dev_docs/key_concepts
History
Elena Shostak ed058086e2
[Authz] Added allOf and anyOf nested conditions (#215516) 
## Summary

Currently, our `requiredPrivileges` structure supports `allRequired` and
`anyRequired` for defining authorization logic. However, there is [a
need to
support](https://github.com/elastic/kibana/pull/205335#issuecomment-2569275302)
more complex scenarios as `(privilege1 AND privilege2) OR (privilege3
AND privilege4)`

To achieve `anyRequired` has been extended to allow defining multiple
AND conditions evaluated with OR logic:
```ts
security: {
  authz: {
    requiredPrivileges: [{
       anyRequired: [
          { allOf: ['privilege1', 'privilege2'] }, 
          { allOf: ['privilege3', 'privilege4'] }
        ] 
      }
    ]
  }
}
```

`allRequired` now also supports scenarios `(privilege1 OR privilege2)
AND (privilege3 OR privilege4)`
```ts
security: {
  authz: {
    requiredPrivileges: [{
       allRequired: [
          { anyOf: ['privilege1', 'privilege2'] }, 
          { anyOf: ['privilege3', 'privilege4'] }
        ] 
      }
    ]
  }
}
```

> [!IMPORTANT]
> We expect to have unique privileges in `anyOf` or `allOf` conditions,
assuming that most complex conditions can be simplified by boolean
algebra laws (OR/AND distributive etc).


### Checklist

- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

__Closes: https://github.com/elastic/kibana/issues/210977__

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-03 14:28:17 +02:00
..
performance SKA: Update broken references and URLs (#206836) 2025-01-28 03:32:48 +00:00
anatomy_of_a_plugin.mdx async-import plugins in the server side (#170856) 2023-11-15 00:55:56 -07:00
api_authorization.mdx [Authz] Added allOf and anyOf nested conditions (#215516) 2025-04-03 14:28:17 +02:00
audit_logging.mdx [api-docs] follow the correct schema for frontmatter (#138348) 2022-08-10 17:17:50 -05:00
building_blocks.mdx [Discover] Rename Saved Search to Discover Session (#202217) 2024-12-18 13:45:32 +01:00
data_views.mdx [api-docs] follow the correct schema for frontmatter (#138348) 2022-08-10 17:17:50 -05:00
embeddables.mdx SKA: Update broken references and URLs (#206836) 2025-01-28 03:32:48 +00:00
encrypted_saved_objects.mdx Implements 'Key concepts' developer documentation for Encrypted Saved Objects (#184334) 2024-06-07 14:34:58 +02:00
feature_privileges.mdx [Docs] Update feature privilege docs to reflect new route authorization (#201017) 2024-11-20 14:52:58 -06:00
kibana_platform_plugin_intro.mdx [api-docs] follow the correct schema for frontmatter (#138348) 2022-08-10 17:17:50 -05:00
kibana_system_user.mdx [Docs] Security Route Configuration (#193994) 2024-10-22 06:30:53 -05:00
navigation.mdx SKA: Update broken references and URLs (#206836) 2025-01-28 03:32:48 +00:00
persistable_state.mdx SKA: Update broken references and URLs (#206836) 2025-01-28 03:32:48 +00:00
saved_objects.mdx Updates internal dev docs for Saved Objects (#178058) 2024-03-07 08:16:28 -07:00