I am looking at the User Roles and wondered if someone has created a couple of admin roles like a global admin and admin role?
I would like to have a user role that can view and change the built in users passwords and perform and another role that allows new users to be created and change password but have no visibility of built in users. The idea behind this is to limit the number of people that can change passwords for users Elasticsearch, kibana and logstash use to communicate with each other.
Right now there is only
manage_security privilege that allows users to manage security operations that include change password.
I think what you are after is more granular user editing privileges that can be restricted to set of users or realms to achieve separation of duties between different admins. Sorry as of latest release this is a missing feature and there is an existing issue that tracks this requirement: https://github.com/elastic/elasticsearch/issues/29932. It is unassigned meaning no one is actively working on it and we do not have any timelines on to when it will get resolved for now.
Thanks and Regards,
Thank you for the reply.
I look forward to this feature being made available in a future release of the ELK Stack
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.