Avoid redundant saved objects authorization checks #82203
Labels
Feature:Saved Objects
performance
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
As of Kibana 7.9 (via #67644), saved objects all have a
namespaces
response field. This is redacted to remove any space IDs that the user is not authorized to see.Unfortunately, these additional authorization checks can add up very quickly and clog up the audit logs. Instead, we should avoid authorization checks for space IDs that we have already checked during that request.
The text was updated successfully, but these errors were encountered: