[Feature Request] Alerting permissions separation #1451

Open
rlevytskyi opened this issue Mar 6, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@rlevytskyi

Is your feature request related to a problem? Please describe

We have several teams at our organization with access to OpenSearch.
We use Alerting a lot to make people aware of some events.
Typically alerts are managed by the SA team, which has access to Alerting.
We want to allow some Devs to create/edit their own alerts but don't want them to be able to change our alerts.
I've carefully read the "Alerting Security" manual at https://opensearch.org/docs/latest/observing-your-data/alerting/security/ and found no way to accomplish the task.
I.e., either we give the Devs team (teams) access to Alerting and they will be able to edit our alerts, or we have to create alerts for them.

Describe the solution you'd like

Probably some owner/editor/viewer set of attributes for every individual alert would make it possible to manage user's own or permitted alerts only.

Related component

Other

Describe alternatives you've considered

We have a test/staging installation where Devs can create and test the alerts; however, it's not possible to have Prod data there.

Additional context

No response

@rlevytskyi rlevytskyi added enhancement New feature or request untriaged labels Mar 6, 2024
@peternied
Member

@opensearch-project/admin Could you please transfer this issue to the alerting repo?

@bbarani bbarani transferred this issue from opensearch-project/OpenSearch Mar 6, 2024
@scubbx

scubbx commented Sep 2, 2024

As described at https://opensearch.org/docs/latest/observing-your-data/alerting/security/#create-a-monitor-with-an-rbac-role, with the OpenSearch API it is possible to explicitly specify the backend roles that will be able to see and edit a specific monitor.
Wouldn't it be possible to make this property available from within OpenSearch-Dashboards?

When creating or editing any monitor, a property containing backend-roles with access-permissions can be set via a multi-selection option. The options that can be selected are a list of all backend-roles the current user is mapped to.

By this, a single user can further restrict access to monitors for certain users without losing access themselves.

@scubbx

scubbx commented Sep 3, 2024

Just found out, my comment is better located at the OpenSearch-Dashboards-Alerting-Plugin repo. There is already an issue concerning my suggestion: opensearch-project/alerting-dashboards-plugin#860
