honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Docs: Explain watcher security integration/limitations (elastic/x-pack-elasticsearch#3106) 

Original commit: elastic/x-pack-elasticsearch@991e1de267
This commit is contained in:
Alexander Reelsen 2017-11-29 14:48:06 +01:00 committed by GitHub
parent 171c48fd2f
commit c641a30bc5
3 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/en/rest-api/watcher/execute-watch.asciidoc
View File

@ -118,6 +118,18 @@ are five possible modes an action can be associated with:
You must have `manage_watcher` cluster privileges to use this API. For more You must have `manage_watcher` cluster privileges to use this API. For more
information, see {xpack-ref}/security-privileges.html[Security Privileges]. information, see {xpack-ref}/security-privileges.html[Security Privileges].
[float]
==== Security Integration
When {security} is enabled on your Elasticsearch cluster, then watches will be
executed with the privileges of the user that stored the watches. If your user
is allowed to read index `a`, but not index `b`, then the exact same set of
rules will apply during execution of a watch.
When using the execute watch API, the authorization data of the user that
called the API will be used as a base, instead of of the information who stored
the watch.
[float] [float]
==== Examples ==== Examples

8
docs/en/rest-api/watcher/put-watch.asciidoc
View File

@ -74,6 +74,14 @@ A watch has the following fields:
You must have `manage_watcher` cluster privileges to use this API. For more You must have `manage_watcher` cluster privileges to use this API. For more
information, see {xpack-ref}/security-privileges.html[Security Privileges]. information, see {xpack-ref}/security-privileges.html[Security Privileges].
[float]
==== Security Integration
When {security} is enabled, your watch will only be able to index or search on
indices for which the user that stored the watch, has privileges. If the user is
able to read index `a`, but not index `b`, the same will apply, when the watch
is executed.
[float] [float]
==== Examples ==== Examples

10
docs/en/watcher/limitations.asciidoc
View File

@ -17,4 +17,12 @@ When you create a new watch or edit an existing watch, if you navigate away
from the page without saving your changes they will be lost without warning. from the page without saving your changes they will be lost without warning.
Make sure to save your changes before leaving the page. Make sure to save your changes before leaving the page.
image::watcher-ui-edit-watch.png[] image::watcher-ui-edit-watch.png[]
[float]
=== Security Integration
When {security} is enabled, a watch stores information about what the user who
stored the watch is allowed to execute **at that time**. This means, if those
permissions change over time, the watch will still be able to execute with the
permissions that existed when the watch was created.