Search Guard Signals UI Permissions

Search Guard
1

Hi,

I am struggeling with the right permissions to provide a user a possibility to be able to manage search guard signals using Kibana. Can you help me: What action group and permission setttings should a search guard role utilize so the user is able to access and manage search guard signals in kibana?

Thank you

2

If you are not using multi-tenancy, you should add the action group SGS_SIGNALS_WATCH_MANAGE to the tenant permissions of SGS_GLOBAL_TENANT. This might look like this:

sg_signals_user:
  tenant_permissions:
    - tenant_patterns:
        - 'SGS_GLOBAL_TENANT'
      allowed_actions:
        - 'SGS_SIGNALS_WATCH_MANAGE'

If you are using multi-tenancy, you need to replace SGS_GLOBAL_TENANT by the names of the tenants you want to grant privileges for.

Administrative actions like adding accounts or editing settings require further permissions. For this, add SGS_SIGNALS_ACCOUNT_MANAGE to the cluster permissions of a role.

2 Likes
3

Thank you. I assume I can apply this configuration to a role instead to the user directly right? Unfortunatelly I am not able to select this action group in the role configuration even though the action group itself does exist:

image
image819×681 23.9 KB

4

Just type or paste the complete name of the action group and press enter. The action group will be added then.

5

Yep, tried that. Does not work:

tennant
tennant1579×839 137 KB

It does not take the action group when you press enter

6

I used the sg_roles.yml file to update the respective action groups on the role and it worked out. Thank you

7

@Kosmonafft probably the Signals action groups are not available in your SG version. They are available in recent versions. It is a good idea to make that single-selection input accepting custom values. I added an issue for this.

Screenshot 2020-10-27 at 14.17.36
Screenshot 2020-10-27 at 14.17.36745×690 37.4 KB

8

Actually I can see them all when I go to the Action Groups UI. I just cannot select them in the role somehow:

image
image1656×974 105 KB

my elastic version: 7.6.2
searchguard version: 41.0.0

9

@Kosmonafft I see now. A limited set of actions available under Create Role > Tenants Permissions. Because not all actions make sense in this context. And the Signals actions were added in 7.8.0-43.0.0. That’s why you don’t see them.

1 Like
10

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.