[DOCS] Adds example of assigning roles in Reporting #52757
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Pinging @elastic/kibana-docs (Team:Docs) |
legrego
reviewed
Dec 11, 2019
| ==== If you are using the `native` realm | ||
|
|
||
| You can assign roles through the | ||
| *Management* app in Kibana or with the `user` API. |
There was a problem hiding this comment.
Should we link to the ES User API docs here?
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html
|
|
||
| You can assign roles through the | ||
| *Management* app in Kibana or with the `user` API. | ||
| This example shows to use *Management* to create a user who has a custom role and the |
There was a problem hiding this comment.
Suggested change
| This example shows to use *Management* to create a user who has a custom role and the | |
| This example shows how to use *Management* to create a user who has a custom role and the |
| @@ -32,13 +69,15 @@ POST /_security/user/reporter | |||
| } | |||
| --------------------------------------------------------------- | |||
|
|
|||
| * If you are using an LDAP or Active Directory realm, you can either assign | |||
| ==== If you are using an LDAP or Active Directory realm | |||
There was a problem hiding this comment.
I'm guessing when this was originally written, that Kibana only supported LDAP and Active Directory outside of the built-in native realm. We have support for a few other external identity providers now, like SAML, OIDC, Kerberos, and PKI. All of these providers would require role mappings instead of the traditional user-role assignment.
What do you think about something like:
Suggested change
| ==== If you are using an LDAP or Active Directory realm | |
| ==== If you are using an external identity provider, such as LDAP or Active Directory |
| * If you are using an LDAP or Active Directory realm, you can either assign | ||
| ==== If you are using an LDAP or Active Directory realm | ||
|
|
||
| You can either assign | ||
| roles on a per user basis, or assign roles to groups of users. By default, role | ||
| mappings are configured in | ||
| {ref}/mapping-roles.html[`config/shield/role_mapping.yml`]. |
There was a problem hiding this comment.
Note to future me and future you:
#52559 is introducing a UI to manage role mappings, so when the time comes, we can link there instead of promoting the file-based role mapping mechanism.
tsullivan
reviewed
Dec 11, 2019
| ==== If you are using the `native` realm | ||
|
|
||
| You can assign roles through the | ||
| *Management* app in Kibana or with the {ref}/security-api-put-user.html[user API]. |
There was a problem hiding this comment.
The user API phrase links away from the page, but it really seems relevant to a block of text below on the same page, that starts with This example uses the user API to create a user...
tsullivan
reviewed
Dec 11, 2019
| Go to *Management > Users*, add a new user, and assign the user the built-in | ||
| `reporting_user` role and your new custom role, `custom_reporting_user`. | ||
|
|
||
| This example uses the `user` API to create a user who has the |
There was a problem hiding this comment.
This section on creating a native realm user with the API seems like it should have a header.
Can the above link with the user API text link to this section?
Perhaps the outward-directing link that goes to security-api-put-user could be moved down to here?
gchaps
added a commit
to gchaps/kibana
that referenced
this pull request
Dec 12, 2019
* [DOCS] Adds example of assigning roles in Reporting * [DOCS] Updates reporting security doc with review comments * [DOCS] Incorporates review comments in reporting doc
gchaps
added a commit
to gchaps/kibana
that referenced
this pull request
Dec 12, 2019
* [DOCS] Adds example of assigning roles in Reporting * [DOCS] Updates reporting security doc with review comments * [DOCS] Incorporates review comments in reporting doc
gchaps
added a commit
to gchaps/kibana
that referenced
this pull request
Dec 12, 2019
* [DOCS] Adds example of assigning roles in Reporting * [DOCS] Updates reporting security doc with review comments * [DOCS] Incorporates review comments in reporting doc
gchaps
added a commit
to gchaps/kibana
that referenced
this pull request
Dec 12, 2019
* [DOCS] Adds example of assigning roles in Reporting * [DOCS] Updates reporting security doc with review comments * [DOCS] Incorporates review comments in reporting doc
gchaps
added a commit
to gchaps/kibana
that referenced
this pull request
Dec 12, 2019
* [DOCS] Adds example of assigning roles in Reporting * [DOCS] Updates reporting security doc with review comments * [DOCS] Incorporates review comments in reporting doc
gchaps
added a commit
that referenced
this pull request
Dec 12, 2019
gchaps
added a commit
that referenced
this pull request
Dec 12, 2019
gchaps
added a commit
that referenced
this pull request
Dec 12, 2019
gchaps
added a commit
that referenced
this pull request
Dec 12, 2019
gchaps
added a commit
that referenced
this pull request
Dec 12, 2019
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Dec 30, 2019
…aved-objects * upstream/master: (134 commits) [Dashboard] Add visualization from dasbhoard empty screen (elastic#52670) Print out agent debugging links during CI (elastic#52812) Add babel-plugin-styled-components to webpack config (elastic#52862) [Console] Fix load from remote (elastic#52814) Ensure APM agent config file path respects CWD (elastic#52880) [Watcher] Removed overwritten property (elastic#49998) [Data Plugin]: Remove `export *` for common code from public/server index files (elastic#52821) Hide stderr git output during APM agent configuration (elastic#52878) Polish migration.md (elastic#52764) Change ajax_stream to use new-line delimited JSON (elastic#52797) Stabilize dashboard save modal functional test (elastic#52761) [Discover] Place tooltip at bottom of filter button (elastic#52720) Disable/enable filter with click+shift on a filter badge (elastic#52751) [APM] Make client-side routes static (elastic#52574) [Maps] Get basic structure of NP client shim in place (elastic#52551) update chromedriver to 79 (elastic#52784) [DOCS] Adds example of assigning roles in Reporting (elastic#52757) Add instructions for setting up remote clusters needed for CCS and CCR (elastic#52796) [docs] max-old-space-size (elastic#52310) [Monitoring] Fix 7.5 cloud test issues (elastic#51781) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds an example of that shows how to use Management to create a user who has a custom role and the reporting_user role.
See this formatted version of the doc.
Closes #45738
[skip ci]