
[Security Solution] Move up RBAC check for installing and upgrading rules to endpoint handlers #161772

Open
jpdjere opened this issue Jul 12, 2023 · 2 comments
Labels
Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. technical debt Improvement of the software architecture and operational architecture

Comments

@jpdjere
Contributor

jpdjere commented Jul 12, 2023

Summary

The current RBAC mechanism for enforcing that users with roles with a Kibana privilege of feature_siem.read cannot install or upgrade rules is done at the Rules Client level.

This means that when the user calls either:

POST /internal/detection_engine/prebuilt_rules/installation/_perform
POST /internal/detection_engine/prebuilt_rules/upgrade/_perform

the check is done once per each of the rules that the user wishes to install or upgrade.

In order to have a cleaner RBAC check and improve performance of the endpoint in this use case:

  • move the check that the user has enough privileges for installing or updating rules to our endpoint handlers, and respond immediately with an unauthorised error.
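The difference between the two placements described above, as an added illustration that is not Kibana's code: a hypothetical rules client that evaluates the privilege on every install call (and, as bulk operations commonly do, records a per-rule error instead of aborting, which is an assumption here) is contrasted with a handler that evaluates the privilege once before touching any rule. The `Capabilities` shape, the `siem.crud` flag and the function names are all invented for the example.

```typescript
// Added example, not from the Kibana repository. Models the issue's point:
// a per-rule privilege check inside a rules client versus a single up-front
// check in the endpoint handler.

// Hypothetical capabilities object; `siem.crud` stands in for the privilege
// that feature_siem.read-only roles lack.
type Capabilities = { siem: { read: boolean; crud: boolean } };

interface Rule { rule_id: string; version: number }

interface HandlerResult {
  status: number;
  installed: number;
  errors: string[];
  privilegeChecks: number; // how many times the privilege was evaluated
}

// Hypothetical rules client: the check runs once per install call.
class PerRuleCheckRulesClient {
  checks = 0;
  constructor(private readonly caps: Capabilities) {}
  install(rule: Rule): void {
    this.checks++;
    if (!this.caps.siem.crud) {
      throw new Error(`Unauthorized to install rule ${rule.rule_id}`);
    }
  }
}

// "Before": the handler delegates to the client, which checks per rule and
// (assumption) collects a per-rule error rather than failing the whole request.
function performInstallPerRule(caps: Capabilities, rules: Rule[]): HandlerResult {
  const client = new PerRuleCheckRulesClient(caps);
  let installed = 0;
  const errors: string[] = [];
  for (const rule of rules) {
    try {
      client.install(rule);
      installed++;
    } catch (e) {
      errors.push((e as Error).message);
    }
  }
  return { status: 200, installed, errors, privilegeChecks: client.checks };
}

// Single privilege evaluation reused by the "after" handler.
function hasInstallPrivilege(caps: Capabilities): boolean {
  return caps.siem.crud === true;
}

// "After": the handler checks once and answers 403 immediately for read-only
// users; authorised users reach the install loop without any further checks.
function performInstallUpFront(caps: Capabilities, rules: Rule[]): HandlerResult {
  if (!hasInstallPrivilege(caps)) {
    return { status: 403, installed: 0, errors: ['Unauthorized'], privilegeChecks: 1 };
  }
  // No privilege checks remain in the per-rule work.
  return { status: 200, installed: rules.length, errors: [], privilegeChecks: 1 };
}

// Constructed sample input.
const sampleRules: Rule[] = [
  { rule_id: 'rule-a', version: 1 },
  { rule_id: 'rule-b', version: 3 },
  { rule_id: 'rule-c', version: 2 },
];
const readOnly: Capabilities = { siem: { read: true, crud: false } };
const readWrite: Capabilities = { siem: { read: true, crud: true } };

console.log(performInstallPerRule(readOnly, sampleRules));
console.log(performInstallUpFront(readOnly, sampleRules));
console.log(performInstallPerRule(readWrite, sampleRules));
console.log(performInstallUpFront(readWrite, sampleRules));
```

For an authorised caller the up-front variant performs one check instead of one per rule; for a read-only caller it returns a single 403 before any rule is processed, instead of a 200 carrying one error per rule.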
@jpdjere jpdjere added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jul 12, 2023
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@jpdjere jpdjere added technical debt Improvement of the software architecture and operational architecture Team:Detections and Resp Security Detection Response Team Team:Detection Rule Management Security Detection Rule Management Team and removed bug Fixes for quality problems that affect the customer experience labels Jul 12, 2023
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

Development

No branches or pull requests

3 participants