I am struggling with the right permissions to give a user the ability to manage Search Guard Signals using Kibana. Can you help me: what action group and permission settings should a Search Guard role use so the user is able to access and manage Search Guard Signals in Kibana?
If you are not using multi-tenancy, you should add the action group SGS_SIGNALS_WATCH_MANAGE to the tenant permissions of SGS_GLOBAL_TENANT. This might look like this:
If you are using multi-tenancy, you need to replace SGS_GLOBAL_TENANT by the names of the tenants you want to grant privileges for.
Administrative actions like adding accounts or editing settings require further permissions. For this, add SGS_SIGNALS_ACCOUNT_MANAGE to the cluster permissions of a role.
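A sketch of role definitions in sg_roles.yml matching the answer above, added here as an illustration and not taken from the original post. The role names and the tenant name `finance_tenant` are hypothetical; the layout assumes the Search Guard 7.x role format (`cluster_permissions`, `tenant_permissions` with `tenant_patterns` and `allowed_actions`).

```yaml
# Without multi-tenancy: watch management is granted on the global tenant.
sg_signals_watch_manager:          # hypothetical role name
  tenant_permissions:
    - tenant_patterns:
        - "SGS_GLOBAL_TENANT"
      allowed_actions:
        - "SGS_SIGNALS_WATCH_MANAGE"

# With multi-tenancy: name the tenants explicitly instead of SGS_GLOBAL_TENANT.
# The cluster permission is only needed for administrative actions such as
# adding accounts or editing settings, so keep it off ordinary watch managers.
sg_signals_admin_finance:          # hypothetical role name
  cluster_permissions:
    - "SGS_SIGNALS_ACCOUNT_MANAGE"
  tenant_permissions:
    - tenant_patterns:
        - "finance_tenant"         # hypothetical tenant name
      allowed_actions:
        - "SGS_SIGNALS_WATCH_MANAGE"
```

Splitting watch management and account management into separate roles keeps the cluster-level permission limited to the users who actually administer Signals.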
Thank you. I assume I can apply this configuration to a role instead of to the user directly, right? Unfortunately I am not able to select this action group in the role configuration even though the action group itself does exist:
Just type or paste the complete name of the action group and press enter. The action group will be added then.
Yep, tried that. Does not work:
It does not take the action group when you press enter
I used the sg_roles.yml file to update the respective action groups on the role and it worked out. Thank you
@Kosmonafft probably the Signals action groups are not available in your SG version. They are available in recent versions. It is a good idea to make that single-selection input accept custom values. I added an issue for this.
Actually I can see them all when I go to the Action Groups UI. I just cannot select them in the role somehow:
my elastic version: 7.6.2
searchguard version: 41.0.0
@Kosmonafft I see now. A limited set of actions is available under Create Role > Tenants Permissions, because not all actions make sense in this context. And the Signals actions were added in 7.8.0-43.0.0. That’s why you don’t see them.