I am struggeling with the right permissions to provide a user a possibility to be able to manage search guard signals using Kibana. Can you help me: What action group and permission setttings should a search guard role utilize so the user is able to access and manage search guard signals in kibana?
If you are not using multi-tenancy, you should add the action group SGS_SIGNALS_WATCH_MANAGE to the tenant permissions of SGS_GLOBAL_TENANT. This might look like this:
If you are using multi-tenancy, you need to replace SGS_GLOBAL_TENANT by the names of the tenants you want to grant privileges for.
Administrative actions like adding accounts or editing settings require further permissions. For this, add SGS_SIGNALS_ACCOUNT_MANAGE to the cluster permissions of a role.
Thank you. I assume I can apply this configuration to a role instead to the user directly right? Unfortunatelly I am not able to select this action group in the role configuration even though the action group itself does exist:
@Kosmonafft probably the Signals action groups are not available in your SG version. They are available in recent versions. It is a good idea to make that single-selection input accepting custom values. I added an issue for this.
@Kosmonafft I see now. A limited set of actions available under Create Role > Tenants Permissions. Because not all actions make sense in this context. And the Signals actions were added in 7.8.0-43.0.0. That’s why you don’t see them.