-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RBAC Audit Logging #19418
Comments
@kobelb adding context for the reason users asked for audit log in the past, please keep in mind when working on logs for these scenarios
cc: @joshbressers |
Just to be clear, we're specifically targeting this issue at ensuring we have audit logging for the deficiencies that RBAC introduces, it's not our objective to resolve all asks around unified audit logging in Kibana. The larger effort is being tracked here |
I understand, most of the requests for audit logs are around who view/edit an object and the audit logs here are done because of the RBAC, I figured it made sense to explicitly call it here so you will have it in mind, if you think it's not the right place I can delete it |
@kobelb can this be closed? |
Yup, thanks @legrego |
We're historically deferred to Elasticsearch's audit log to audit events that Kibana executes on behalf of users. This has worked because we've made requests using the end-user's credentials to Elasticsearch so the events show up with the principal of the authenticated user. With the implementation of RBAC, this is no longer the case, and certain requests for end-users are made with the Kibana internal server user (after authorizing the users). We should log our own audit events in these scenarios, since we can't defer to Elasticsearch's audit log for these.
The text was updated successfully, but these errors were encountered: