Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Impersonate User/User Rights #1462

Open
aimtsou opened this issue Sep 30, 2021 · 0 comments
Open

Impersonate User/User Rights #1462

aimtsou opened this issue Sep 30, 2021 · 0 comments
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@aimtsou
Copy link

aimtsou commented Sep 30, 2021
edited
Loading

Is your feature request related to a problem? Please describe.
Sometimes even when reading which rights to assign to users it is difficult to know what they can access and what they can see through the different modules offered in OpenDistro.

Describe the solution you'd like
We would like to suggest for admins to have an impersonate feature. This means that you can become your selected user and browser through OpenSearch with the rights of your selected user. Consequently, it will be easier to fix the rights and permissions assigned to specific users. If not possible to a specific user then it should be for a specific group of permissions assigned to the user.

Furthermore it will accompany well this Feature Request: #566 and complement from the Kibana side this already existing feature: https://opendistro.github.io/for-elasticsearch-docs/docs/security/access-control/impersonation/

Describe alternatives you've considered
No alternatives considered.
@aimtsou aimtsou added the enhancement New feature or request label Sep 30, 2021
@davidlago davidlago added the triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. label Oct 10, 2022
gaobinlong pushed a commit to gaobinlong/security that referenced this issue Aug 30, 2023
@leanneeliatra @RyanL1997
@cwperks @DarshitChanpura
Add the tenant into the short URL once the short URL is resolved (ope…
e9f9576 
…nsearch-project#1462)

* More information added

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* More information added

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* fixed linting errors

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Removing Prerequisite Checks Workflow (opensearch-project#1456)

Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Removing Prerequisite Checks Workflow (opensearch-project#1456)

Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Removing Prerequisite Checks Workflow (opensearch-project#1456)

Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Extracting function to tenant_resolver and adding more appropriate comments.

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* lint errors fixed

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Use version from package.json for integration tests (opensearch-project#1463)

* Use version from package.json for integration tests

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Adds 2.8 release notes (opensearch-project#1464)

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Cleaning up comments

Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* linting issues resolved

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Removing Prerequisite Checks Workflow (opensearch-project#1456)

Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Removing Prerequisite Checks Workflow (opensearch-project#1456)

Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Update server/multitenancy/tenant_resolver.ts

Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com>
Signed-off-by: leanneeliatra <131779422+leanneeliatra@users.noreply.github.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* comments addressed & linting amended

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* integration test fix following rebase

Signed-off-by: leanneeliatra <131779422+leanneeliatra@users.noreply.github.com>
Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

---------

Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>
Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com>
Signed-off-by: leanneeliatra <131779422+leanneeliatra@users.noreply.github.com>
Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com>
Co-authored-by: Craig Perkins <cwperx@amazon.com>
Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aimtsou @davidlago