-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EDR Workflows] Workflow Insights - RBAC #205088
base: main
Are you sure you want to change the base?
Conversation
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes to packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml
LGTM
Pinging @elastic/fleet (Team:Fleet) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fleet change LGTM
Access Control for Endpoint Workflow Insights
This PR adds access control to the Endpoint Workflow Insights functionality. Both the UI and API are gated based on the following conditions. If these conditions are not met, the content will not render, and direct API calls will return errors.
Access Conditions
Predefined serverless roles that should include endpoint insights privilege(as defined here):
Once this PR is merged and changes make it to canary release, this follow-up PR should be merged.
Note on Testing and Local Setup
To test these changes locally, the
defendInsights
assistant feature must be enabled. You can do this by updating the following line in the code: Enable defendInsights here.Cypress Tests
Cypress tests in this PR are currently skipped because the
defendInsights
feature is not enabled by default. These tests should be enabled once the feature is turned on in the main branch. Successful run with all cypress tests enabled can be found here.Screenshots