154b10e901
This change adds a new permission that allows authorized users to execute a request as another user. The flow is as follows: 1. The user making the request is authenticated 2. The user that is being impersonated is looked up 3. The requesting user is authorized for the privilege to run as the specified user 4. The impersonated user is then authorized for the given request Additionally, the auditing has been updated to support this capability and indicates when a user has been granted the ability to run as another user and then also indicates both the user who is being impersonated and the requesting user when actions are granted/denied. Closes elastic/elasticsearch#17 Original commit: elastic/x-pack-elasticsearch@00e5a6169b |
||
|---|---|---|
| .. | ||
| shield-core-rest-tests | ||
| shield-example-realm | ||
| shield-tribe-node-tests | ||
| smoke-test-plugins | ||
| smoke-test-plugins-ssl | ||
| smoke-test-watcher-with-shield | ||
| pom.xml | ||